WordPress · Events Manager · CVE-2020-35012
Name of the Vulnerable Software and Affected Versions:
Events Manager WordPress plugin versions prior to 5.9.8
Description:
The issue is related to an SQL Injection. The problem arises because a parameter is not properly sanitised and escaped before being used in a SQL statement.
Recommendations:
For versions prior to 5.9.8, update to version 5.9.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin until the update is applied.