The Event List plugin for WordPress is not secure in versions before 0.7.9. An attacker who is logged in to the WordPress site can use this vulnerability to steal sensitive information from the database. The problem is caused by the plugin not correctly handling a user-supplied parameter and not preparing an existing SQL query properly.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
