2 matches found
CVE-2022-1905
The CVE-2022-1905 entry documents an SQL injection in the WordPress plugin “Events Made Easy” before version 2.2.81. The vulnerability arises from improper sanitisation and escaping of a parameter used in a SQL statement via an unauthenticated AJAX action, allowing an attacker to inject SQL. The ...
CVE-2022-1905 Events Made Easy < 2.2.81 - Unauthenticated SQLi
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...