CVE-2022-0478

Name of the Vulnerable Software and Affected Versions The Event Manager and Tickets Selling for WooCommerce WordPress plugin versions prior to 3.5.8

Description The issue concerns a lack of validation and escaping for the post author gutenberg parameter in SQL statements when creating or editing events. This could allow users with a role as low as contributor to perform SQL Injection attacks.

Recommendations For versions prior to 3.5.8, update to version 3.5.8 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create or edit events to higher roles until the update can be applied.