The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
6AI Score
0.0005EPSS
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email....
5.3CVSS
5.3AI Score
0.003EPSS
The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list...
6.1CVSS
6AI Score
0.001EPSS
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin...
8.8CVSS
8.8AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_events parameter to event-registration.php. NOTE: the provenance of this information is unknown; the.....
5.8AI Score
0.008EPSS