Rsvp Security Vulnerabilities

CVE-2023-7170

The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVE-2022-1054

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email....

CVE-2017-18563

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list...

CVE-2018-5976

Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin...

CVE-2006-3052

Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_events parameter to event-registration.php. NOTE: the provenance of this information is unknown; the.....