3 matches found
CVE-2021-24943
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...
CVE-2021-24943 Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...
CVE-2021-24943
The CVE-2021-24943 entry concerns the WordPress plugin Registrations for the Events Calendar (pre-2.7.6). The issue is an unauthenticated SQL injection in the rtec_send_unregister_link AJAX action, where event_id is not properly sanitised/escaped before usage in a SQL statement. Affected componen...