cleantalk
Vulnerabilities and Security Researches

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin, CVE-2022-0478

CVE, Research URL

CVE-2022-0478

Home page URL

Security reports for Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Application

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Published on
Mar 14, 2022
Research Description
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks
Affected versions
Min -, max 3.5.3.
Status
vulnerable
Previous vulnerability researches
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2025-5568) , Jun 17, 2025
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2025-30887) , Apr 02, 2025
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2025-30895) , Apr 02, 2025
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2024-49703) , Oct 25, 2024
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2024-43138) , Aug 12, 2024
New vulnerability
YITH PayPal Express Checkout for WooCommerce (CVE-2025-48111) , Jun 18, 2025
WordPress Infinite Scroll – Ajax Load More (CVE-2025-4775) , Jun 18, 2025
PostaPanduri (CVE-2025-49452) , Jun 18, 2025
Ivory Search – WordPress Search Plugin (CVE-2025-5209) , Jun 18, 2025
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2025-3515) , Jun 18, 2025