Vulnerabilities > E Dynamics > Events Made Easy > 2.3.8

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-28660 SQL Injection vulnerability in E-Dynamics Events Made Easy
The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action.
network
low complexity
e-dynamics CWE-89
8.8
8.8
2023-01-19 CVE-2023-0404 Missing Authorization vulnerability in E-Dynamics Events Made Easy
The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16.
network
low complexity
e-dynamics CWE-862
5.4
5.4