CVE-2021-25030
Published: 03 January 2022
Summary
CVE-2021-25030 is a high-severity SQL Injection (CWE-89) vulnerability in E-Dynamics Events Made Easy. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 23.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-11942
Vulnerability details
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role…
more
as low as subscriber can call it and perform SQL injection attacks
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.