CVE-2022-3720: Event Monster < 1.2.1 - Admin+ SQLi
First published: Mon Nov 21 2022(Updated: )
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Awplife Event Monster | <1.2.0 | |
| <1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3720?
CVE-2022-3720 is a vulnerability in the Event Monster WordPress plugin before version 1.2.0 that allows high privilege users to perform SQL Injection attacks.
What is the severity of CVE-2022-3720?
The severity of CVE-2022-3720 is high with a CVSS score of 7.2.
How does CVE-2022-3720 impact the Event Monster WordPress plugin?
CVE-2022-3720 allows high privilege users to exploit SQL Injection vulnerabilities in the Event Monster WordPress plugin before version 1.2.0.
How can I fix CVE-2022-3720?
To fix CVE-2022-3720, update the Event Monster WordPress plugin to version 1.2.0 or above.
Where can I find more information about CVE-2022-3720?
You can find more information about CVE-2022-3720 at the following reference link: https://wpscan.com/vulnerability/0139a23c-4896-4aef-ab56-dcf7f07f01e5
- collector/nvd-index
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/event
- vendor/awplife
- canonical/awplife event monster