CVE-2017-1002018

2022-10-0316:22:52

larry_cashdollar

www.cve.org

wordpress

plugin vulnerability

sql injection

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.

CNA Affected

[
  {
    "product": "eventr",
    "vendor": "Binny V A",
    "versions": [
      {
        "lessThan": "1.02.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.vapidlabs.com/advisory.php?v=192

wordpress.org/plugins/eventr/