Event Monster < 1.2.1 - Admin+ SQLi
Description
The Event Monster WordPress plugin before 1.2.0 contains an SQL injection vulnerability exploitable by high-privilege users, allowing unauthorized database access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Event Monster WordPress plugin versions before 1.2.0 fail to validate and escape parameters used in SQL statements, leading to a SQL injection vulnerability [1]. The flaw affects the plugin's handling of user-supplied input in administrative functions.
Exploitation
An attacker must have high-privilege access (e.g., Administrator) to the WordPress site. The attacker can inject malicious SQL queries through unvalidated parameters, potentially extracting or modifying database contents [1].
Impact
Successful exploitation allows an attacker to read, modify, or delete arbitrary data in the WordPress database, including user credentials and sensitive information, compromising the site's confidentiality and integrity [1].
Mitigation
The vulnerability is fixed in version 1.2.1 of the Event Monster plugin [1]. Users should update to the latest version immediately. No workarounds are documented.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WordPress/Event Monster
Patches
No patches discovered yet.
References
1. wpscan.com/vulnerability/0139a23c-4896-4aef-ab56-dcf7f07f01e5 (tags: mitre, exploit, vdb-entry, technical-description)