Description
WordPress Plugin Spider Calendar is prone to an SQL injection and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Spider Calendar version 1.0.1 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.1.3 or latest
References
http://www.exploit-db.com/exploits/21715/
http://packetstormsecurity.com/files/117078/WordPress-Spider-1.0.1-SQL-Injection-XSS.html
Related Vulnerabilities
WordPress Plugin SEO Ultimate 'wp-admin/post.php' Cross-Site Scripting (6.9.1)
WordPress Plugin Simple Banner Cross-Site Scripting (2.10.3)
Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.13)
WordPress Plugin Quick Restaurant Menu Multiple Vulnerabilities (2.0.2)
WordPress Plugin Thrive Quiz Builder Security Bypass (2.3.9.3)