PT-2023-21882 · WordPress · Events Made Easy Wordpress Plugin

Joshua Martinelle

Publicado

2023-03-22

Atualizado

2023-03-28

CVE-2023-28660

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Events Made Easy WordPress Plugin version <= 2.3.14

Description The issue is an authenticated SQL injection vulnerability. It affects the search name parameter in the eme recurrences list action.

Recommendations For Events Made Easy WordPress Plugin version <= 2.3.14, update to a version greater than 2.3.14 to resolve the issue. As a temporary workaround, consider restricting access to the eme recurrences list action to minimize the risk of exploitation. Avoid using the search name parameter in the affected action until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-28660

Produtos afetados

Events Made Easy Wordpress Plugin

PT-2023-21882 · WordPress · Events Made Easy Wordpress Plugin

CVE-2023-28660

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4