The WP Events plugin for WordPress is vulnerable to a type of attack known as SQL Injection up to version 2.3.4. This means that an attacker, who has already logged in, can add malicious code to a URL which can be used to access sensitive information stored in the database. The plugin has not been properly secured to prevent this type of attack from happening.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
