CVE-2022-1905

CVE-2022-1905: Events Made Easy < 2.2.81 - Unauthenticated SQLi

Vendor Unknown

Product Events Made Easy

Weakness CWE-89 · SQLi

Published June 20, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Key dates

02Disclosure timeline

June 20, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1905 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-5554 code-projects Concert Ticket Reservation System Parameter process_search.php sql injection CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module CVE-2023-3898 SQLi in mAyaNets E-Commerce Software CVE-2015-10023 Fumon trello-octometric srv.go main sql injection CVE-2023-3068 Campcodes Retro Cellphone Online Store modal_add_product.php sql injection