Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.Referenceshttps://wordpress.org/plugins/event-espresso-free/http://www.vapidlabs.com/advisory.php?v=197
