Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e-dynamics events made easy vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-1905
The Events Made Easy WordPress plugin prior to 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
E-dynamics Events Made Easy
8.8
CVSSv3
CVE-2023-28660
The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action.
E-dynamics Events Made Easy
8.8
CVSSv3
CVE-2021-25030
The Events Made Easy WordPress plugin prior to 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call i...
E-dynamics Events Made Easy
5.4
CVSSv3
CVE-2023-0404
The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permi...
E-dynamics Events Made Easy
4.8
CVSSv3
CVE-2021-24813
The Events Made Easy WordPress plugin prior to 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
E-dynamics Events Made Easy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started