4 matches found
EUVD-2021-11725
Malware in sbrugna...
EUVD-2023-12463
Malicious code in bioql PyPI...
CVE-2021-25030
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL...
WordPress Events Made Easy Plugin <= 2.3.14 is vulnerable to SQL Injection
Software Events Made Easy Type Plugin Vulnerable versions = 2.3.14 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID b6f80ca22af2 Credits Joshua Martinelle Tenable Research Required...