SQL Injection Vulnerability in Eventer Plugin for WordPress
CVE-2026-9700

7.5HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-9700?

The Eventer plugin for WordPress is susceptible to time-based SQL Injection attacks through the 'code' parameter in versions up to 4.4.2. Due to inadequate escaping of user input and poor preparation of existing SQL queries, attackers without authentication can inject additional SQL commands into legitimate queries. This vulnerability allows unauthorized individuals to manipulate database requests, potentially leading to the exposure of sensitive data.

Affected Version(s)

Eventer 0 <= 4.4.2

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad
.