Critical severityNVD Advisory· Published Jun 12, 2025· Updated Apr 15, 2026

CVE-2025-49467

Description

A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.

Affected products

WordPress/Jeventsinferred
Package: https://wordpress.org/plugins/jevents

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jevents.netnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000