4 matches found
CVE-2022-3720
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...
CVE-2022-3720 Event Monster < 1.2.1 - Admin+ SQLi
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...
CVE-2022-3720 Event Monster < 1.2.1 - Admin+ SQLi
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...
CVE-2022-3720
The Event Monster WordPress plugin (pre-1.2.0) contains an SQL injection due to unsafely used parameters in SQL statements. Impact is high for high-privilege users; exploitation could lead to sensitive DB access. Affected versions are prior to 1.2.0. Remediation: upgrade to 1.2.0+ (notably 1.2.1 ...