CVE-2025-39481

Critical CVSS: 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Blind SQL Injection.This issue affects Eventer: from n/a through < 3.11.4.

Vendor

Imithemes

Product

Eventer

CWE

CWE-89

Yayın Tarihi

2025-05-16 16:15:40

Güncelleme

2026-04-01 17:23:10

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-89 Eventer CRITICAL Imithemes 2025

Referanslar

https://patchstack.com/database/Wordpress/Plugin/eventer/vulnerability/wordpress-eventer-wordpress-event-booking-manager-plugin-plugin-3-9-6-sql-injection-vulnerability?_s_id=cve

Benzer Kayıtlar

High

CVE-2025-39482

Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control…

High

CVE-2025-0959

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_i…

Medium

CVE-2025-22635

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Eventer…

Medium

CVE-2024-11132

The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and incl…

Medium

CVE-2024-11133

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '…

Medium

CVE-2024-11134

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '…