Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:event_list_project:event_list:0.7.8:*:*:*:*:wordpress:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-0418 |
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed Published: May 02, 2022; 12:15:08 PM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-9429 |
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. Published: June 13, 2017; 2:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |