High severity8.8NVD Advisory· Published Jan 3, 2022· Updated Jun 17, 2026
CVE-2021-25030
CVE-2021-25030
Description
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Events Made Easydescription
- Range: <2.2.36
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/bc7058b1-ca93-4c45-9ced-7848c7ae4150nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.