cvedb.io
CVE-2022-1194
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-09-16T09:15:10.177 · Last modified 2026-06-17T04:21:59.373

Summary

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.

Affected products

mobileeventsmanager — mobile_events_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when mobileeventsmanager ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.