Lucene search
+L
E-dynamicsEvents Made Easy

5 matches found

CVE
CVE
added 2022/06/20 10:26 a.m.78 views

CVE-2022-1905

The CVE-2022-1905 entry documents an SQL injection in the WordPress plugin “Events Made Easy” before version 2.2.81. The vulnerability arises from improper sanitisation and escaping of a parameter used in a SQL statement via an unauthenticated AJAX action, allowing an attacker to inject SQL. The ...

9.8CVSS9.9AI score0.37369EPSS
Web
CVE
CVE
added 2023/03/22 12:0 a.m.77 views

CVE-2023-28660

CVE-2023-28660 affects the WordPress Events Made Easy plugin (versions ≤ 2.3.14). The vulnerability is an authenticated SQL injection in the eme_recurrences_list action via the search_name parameter, enabling SQLi with the attacker’s authenticated session. CVSSv3 base 8.8 (HIGH) reflects impact o...

8.8CVSS8.9AI score0.00872EPSS
Web
CVE
CVE
added 2022/01/03 12:49 p.m.60 views

CVE-2021-25030

CVE-2021-25030 : The WordPress plugin Events Made Easy (before 2.2.36) fails to sanitize and escape the search_text parameter used in the eme_searchmail AJAX action, enabling SQL injection when called by any authenticated user (e.g., roles as low as a subscriber). The vulnerability stems from imp...

8.8CVSS8.9AI score0.01562EPSS
Web
CVE
CVE
added 2021/11/01 8:46 a.m.57 views

CVE-2021-24813

CVE-2021-24813 affects the WordPress plugin Events Made Easy prior to version 2.2.24. The vulnerability arises from insufficient sanitisation/escaping of Custom Field Names in the form field handling, enabling an authenticated, high-privilege user to perform stored XSS even if unfiltered_html is ...

4.8CVSS4.7AI score0.00681EPSS
Web
CVE
CVE
added 2023/01/19 2:25 p.m.56 views

CVE-2023-0404

CVE-2023-0404 affects the Events Made Easy WordPress plugin (versions up to and including 2.3.16). The root cause is a missing capability check on several AJAX-related functions, enabling authenticated users with subscriber-level permissions and above to call administrator-only actions. Impact is...

5.4CVSS5.2AI score0.00518EPSS