Lucene search
K

61 matches found

NVD
NVD
added 6 days ago12 views

CVE-2026-9700

The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42170

The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-9700 Eventer <= 4.4.2 - Unauthenticated SQL Injection via 'code' Parameter

The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-9700

The CVE covers the WordPress Eventer plugin vulnerability up to version 4.4.2, caused by insufficient escaping of the user-supplied code parameter and inadequate SQL query preparation. This enables time-based SQL injection by unauthenticated attackers to append additional SQL to existing queries ...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
NVD
NVD
added 6 days ago12 views

CVE-2026-9701

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS0.00267EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-9701

The CVE-2026-9701 entry concerns the WordPress Eventer plugin (up to version 4.4.2) with an insecure password reset mechanism. The root cause is that the plugin stores a plaintext password reset key in the eventer_verification_code (wp_usermeta) when a reset is requested, allowing an attacker to ...

9.8CVSS6AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago41 views

CVE-2026-9701 Eventer <= 4.4.2 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-34412

Malicious code in bioql PyPI...

6.4CVSS9.2AI score0.00245EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-34413

Malicious code in bioql PyPI...

5.3CVSS9.2AI score0.0033EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-33437

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00714EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2024-34388

Malicious code in bioql PyPI...

7.5CVSS9.1AI score0.00446EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.1 views

CVE-2025-39483 WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through 3.9.9.1...

6.5CVSS4.6AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 10:34 a.m.11 views

CVE-2025-39483 WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through 3.9.9.1...

6.5CVSS0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.3 views

WordPress plugin Eventer 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

6.5CVSS5AI score0.00249EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/08/04 12:43 p.m.6 views

WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability

Content Injection vulnerability discovered by Bonds in WordPress Plugin Eventer versions 3.9.9.1...

6.5CVSS5AI score0.00249EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/05/16 4:15 p.m.4 views

CVE-2025-39481

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in imithemes Eventer allows Blind SQL Injection.This issue affects Eventer: from n/a before 3.11.4...

9.8CVSS5.8AI score0.00443EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 3:45 p.m.44 views

CVE-2025-39481 WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in imithemes Eventer eventer allows Blind SQL Injection.This issue affects Eventer: from n/a through 3.11.4...

9.3CVSS0.00443EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/16 12:54 p.m.8 views

WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Anhchangmutrang in WordPress Plugin Eventer versions 3.11.4...

8.8CVSS8.3AI score0.00434EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.4 views

WordPress plugin Eventer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6AI score0.00434EPSS
Exploits0References3
OSV
OSV
added 2025/03/07 9:15 a.m.5 views

CVE-2025-0959

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the regid parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
Rows per page
Query Builder