Описание
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.0 (исключая)
cpe:2.3:a:awplife:event_monster:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 73%
0.00746
Низкий
7.2 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.2
github
около 3 лет назад
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users
EPSS
Процентиль: 73%
0.00746
Низкий
7.2 High
CVSS3