Janek Vind “waraxe” reports multiple Vulnerability in WordPress Spider Event Calender Plugin Details Spider Event Calendar Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain functions in the calendar_functions.php script not properly sanitizing user-supplied input. This includes input passed via the ‘order_by’ parameter [...]

Ashiyane Digital Security Team reports SQL Injection Vulnerability in WordPress ProPlayer Plugin Details ProPlayer Plugin for WordPress contains a flaw that allows SQL Injection. This flaw exists in the wp-content/plugins/proplayer/playlist-controller.php  script does permite SQL Injection via the id parameter. Recommended Action: Disable or Replace plugin until update becomes available. Last update to plugin in November 2011 – so [...]