CVE-2022-1905

Name of the Vulnerable Software and Affected Versions Events Made Easy WordPress plugin versions prior to 2.2.81

Description The issue is related to a SQL injection problem. It occurs because the plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. This could allow a remote attacker to execute arbitrary SQL queries.

Recommendations For versions prior to 2.2.81, update to version 2.2.81 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent exploitation until the update can be applied.