EUVD-2021-11725

Malware in sbrugna...

EUVD-2023-12463

Malicious code in bioql PyPI...

EUVD-2023-32321

Malicious code in bioql PyPI...

CVE-2023-0404

The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVE-2023-28660

The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...

CVE-2022-1905

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2021-24813

The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-25030

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL...

Events Made Easy Plugin for WordPress <= 2.3.14 SQL Injection

The WordPress Events Made Easy Plugin installed on the remote host is affected by an authenticated SQL Injection via the searchname parameter of the emerecurrenceslist action. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

WordPress Events Made Easy Plugin <= 2.3.14 SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:e-dynamics:eventsmadeeasy"; if description...

WordPress Events Made Easy Plugin <= 2.3.14 is vulnerable to SQL Injection

Software Events Made Easy Type Plugin Vulnerable versions = 2.3.14 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID b6f80ca22af2 Credits Joshua Martinelle Tenable Research Required...

CVE-2023-28660

The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...

Sql injection

The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...

WordPress Plugin Events Made Easy SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-28660

CVE-2023-28660 affects the WordPress Events Made Easy plugin (versions ≤ 2.3.14). The vulnerability is an authenticated SQL injection in the eme_recurrences_list action via the search_name parameter, enabling SQLi with the attacker’s authenticated session. CVSSv3 base 8.8 (HIGH) reflects impact o...

CVE-2023-28660

The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...

PT-2023-21882 · WordPress · Events Made Easy Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Events Made Easy WordPress Plugin version = 2.3.14 Description: The issue is an authenticated SQL injection vulnerability. It affects the search name parameter in the eme recurrences list action. Recommendations: For Events Made Easy WordPres...

CVE-2023-0404

The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVE-2023-0404 Events Made Easy <= 2.3.16 - Missing Authorization

The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

PT-2023-16245 · WordPress · Events Made Easy

Name of the Vulnerable Software and Affected Versions: Events Made Easy plugin for WordPress versions up to, and including, 2.3.16 Description: The issue is related to authorization bypass due to a missing capability check on several functions related to AJAX actions. This allows authenticated...