CVE-2022-3720

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
awplifeevent_monster
𝑥
< 1.2.0
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/0139a23c-4896-4aef-ab56-dcf7f07f01e5
https://wpscan.com/vulnerability/0139a23c-4896-4aef-ab56-dcf7f07f01e5