{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T23:52:34.396","vulnerabilities":[{"cve":{"id":"CVE-2026-2429","sourceIdentifier":"security@wordfence.com","published":"2026-03-07T02:16:12.257","lastModified":"2026-04-22T21:27:27.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'ce_venue_name' CSV field in the `on_save_changes_venues` function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a crafted CSV file upload."},{"lang":"es","value":"El plugin Community Events para WordPress es vulnerable a inyección SQL a través del campo CSV 'ce_venue_name' en la función 'on_save_changes_venues' en todas las versiones hasta la 1.5.8, inclusive. Esto se debe a un escape insuficiente en los datos CSV proporcionados por el usuario y a la falta de preparación suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de nivel de Administrador y superior, añadan consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer información sensible de la base de datos a través de la carga de un archivo CSV manipulado."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/community-events/tags/1.5.7/community-events.php#L743","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/community-events/trunk/community-events.php#L743","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3462021%40community-events&new=3462021%40community-events&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bd184c80-e785-4e9b-961d-9c3378688f91?source=cve","source":"security@wordfence.com"}]}}]}