Intrusion Prevention

Wordpress.Plugin.EVENTS.MANAGER.CSV.Injection

Description

This indicates the detection of a CSV Injection vulnerability in WordPress plugin EVENTS MANAGER.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

Affected Products

EVENTS MANAGER 5.9.7.1 and before.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to EVENTS MANAGER 5.9.7.2.
https://wp-events-plugin.com/blog/2020/02/05/events-manager-5-9-7-2-pro-2-6-7-2/