WordPress Event List plugin <=0.7.8 vulnerable to SQL injection. Vulnerability allows an authenticated user to execute arbitrary SQL commands via the “id” parameter to “wp-admin/admin.php”
WordPress Event List plugin removed from WordPress.org plugin repository, please deactivate the plugin for security reasons.
Update: fixed version 0.7.9 available on WordPress.org plugin repository. Please update as soon as possible.
CPE | Name | Operator | Version |
---|---|---|---|
event list | le | 0.7.8 |