6 matches found
WordPress Events Made Easy Plugin <= 2.3.14 is vulnerable to SQL Injection
Software Events Made Easy Type Plugin Vulnerable versions = 2.3.14 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID b6f80ca22af2 Credits Joshua Martinelle Tenable Research Required...
CVE-2023-28660
creationtimestamp| type| source ---|---|--- 2023-03-22 23:35:59+00:00| seen| https://t.me/cibsecurity/60517...
CVE-2023-28660
The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...
CVE-2023-28660
The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...
CVE-2023-28660
The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...
CVE-2023-28660
CVE-2023-28660 affects the WordPress Events Made Easy plugin (versions ≤ 2.3.14). The vulnerability is an authenticated SQL injection in the eme_recurrences_list action via the search_name parameter, enabling SQLi with the attacker’s authenticated session. CVSSv3 base 8.8 (HIGH) reflects impact o...