WordPress Plugin Vulnerabilities

eventr 1.02.2 - Blind SQL Injection

Description

The eventr WordPress plugin was affected by a Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
eventr
No known fix

References

CVE
CVE-2017-1002018
CVE
CVE-2017-1002019
URL
https://www.openwall.com/lists/oss-security/2017/05/30/3
URL
http://www.vapidlabs.com/advisory.php?v=192

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
a542923d-7300-4d12-b0ab-867dec172086

Timeline

Publicly Published
2017-05-31 (about 8 years ago)
Added
2017-05-31 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2018-01-01
Title
Smart Google Code Inserter <= 3.4 - Unauthenticated SQL Injection
Published
2025-12-14
Title
Accordion Slider PRO < 1.3 - Authenticated (Contributor+) SQL Injection
Published
2021-06-29
Title
Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
Published
2025-02-11
Title
ShipEngine Shipping Quotes < 1.0.8 - Unauthenticated SQL Injection
Published
2023-03-22
Title
Waiting: One-click Countdowns <= 0.6.2 - Subscriber+ SQLi