Lucene search

RSVPMaker Security Vulnerabilities

cve

CVE-2023-25054

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through...

9.8CVSS

7.3AI Score

0.001EPSS

2023-12-29 09:15 AM

cve

CVE-2023-41652

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through...

9.8CVSS

8.2AI Score

0.001EPSS

2023-11-03 12:15 PM

cve

CVE-2023-25045

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through...

7.2CVSS

8.3AI Score

0.001EPSS

2023-10-31 02:15 PM

cve

CVE-2023-25047

7.2CVSS

8.3AI Score

0.001EPSS

2023-10-31 02:15 PM

cve

CVE-2023-27617

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6...

4.8CVSS

4.8AI Score

0.0004EPSS

2023-09-27 03:18 PM

cve

CVE-2023-27616

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6...

6.1CVSS

5.8AI Score

0.0005EPSS

2023-09-27 03:18 PM

cve

CVE-2023-29095

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5...

7.2CVSS

8.1AI Score

0.001EPSS

2023-07-10 04:15 PM

cve

CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...

7.5CVSS

7.5AI Score

0.105EPSS

2022-06-13 02:15 PM

cve

CVE-2022-1453

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from...

7.5CVSS

7.5AI Score

0.001EPSS

2022-05-10 08:15 PM

121

cve

CVE-2022-1505

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive...

7.5CVSS

7.5AI Score

0.001EPSS

2022-05-10 08:15 PM

2361

cve

CVE-2021-38337

The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1CVSS

6AI Score

0.001EPSS

2021-09-10 02:15 PM

cve

CVE-2021-24371

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal...

2.7CVSS

3.8AI Score

0.001EPSS

2021-08-02 11:15 AM

cve

CVE-2018-21004

The rsvpmaker plugin before 5.6.4 for WordPress has SQL...

9.8CVSS

9.9AI Score

0.002EPSS

2019-08-27 12:15 PM

cve

CVE-2019-15646

The rsvpmaker plugin before 6.2 for WordPress has SQL...

9.8CVSS

9.9AI Score

0.003EPSS

2019-08-27 12:15 PM