WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Events Manager < 5.9.8 - Admin+ SQL Injection

Description

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection

Affects Plugins

events-manager
Fixed in version 5.9.8

References

CVE
CVE-2020-35012
URL
https://plugins.trac.wordpress.org/changeset/2336019/events-manager

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Antony Garand from Godaddy

Verified

Yes

WPVDB ID
323140b1-66c4-4e7d-85a4-1c922e40866f

Timeline

Publicly Published

2020-06-07 (about 2 years ago)

Added

2020-11-30 (about 2 years ago)

Last Updated

2022-04-10 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin