SQL Injection Vulnerability in Eventer Plugin for WordPress
CVE-2026-9700
7.5HIGH
What is CVE-2026-9700?
The Eventer plugin for WordPress is susceptible to time-based SQL Injection attacks through the 'code' parameter in versions up to 4.4.2. Due to inadequate escaping of user input and poor preparation of existing SQL queries, attackers without authentication can inject additional SQL commands into legitimate queries. This vulnerability allows unauthorized individuals to manipulate database requests, potentially leading to the exposure of sensitive data.
Affected Version(s)
Eventer 0 <= 4.4.2