CVE-2023-28660
- EPSS 0.45%
- Veröffentlicht 22.03.2023 21:15:18
- Zuletzt bearbeitet 21.11.2024 07:55:45
The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action.
CVE-2023-0404
- EPSS 0.11%
- Veröffentlicht 19.01.2023 15:15:14
- Zuletzt bearbeitet 21.11.2024 07:37:07
The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attacker...
CVE-2022-1905
- EPSS 23.72%
- Veröffentlicht 20.06.2022 11:15:10
- Zuletzt bearbeitet 21.11.2024 06:41:43
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2021-25030
- EPSS 0.71%
- Veröffentlicht 03.01.2022 13:15:09
- Zuletzt bearbeitet 21.11.2024 05:54:13
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as ...
CVE-2021-24813
- EPSS 0.21%
- Veröffentlicht 01.11.2021 09:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:48
The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed