Events Manager Plugin Vulnerable

A non-trivial CSV injection vulnerability was discovered in Events Manager v5.9.7.1, a popular WordPress plugin (active on 100,000+ websites). This leaves users' machines vulnerable to remote attackers, who can execute arbitrary commands on them. In this blog post, we dive deep into what caused the flaw, walk through an example proof of concept showing exploitation in a sandbox environment, and cover mitigation steps.

What is the Events Manager Plugin?

According to the official documentation of the plugin, Events Manager is a full-featured event registration plugin for WordPress based on the principles of flexibility, reliability and powerful features! The Events Manager Plugin lets you post event listings on your blog site. Visitors can make bookings for such events through a[…]