59 matches found
VulnCheck KEV: CVE-2022-1768
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...
CVE-2023-41652 WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6...
WordPress Plugin RSVPMaker SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin RSVPMaker...
WordPress Plugin RSVPMaker SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin RSVPMaker...
CVE-2023-27616
Unauth. Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
CVE-2023-27617
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
CVE-2023-27617
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
CVE-2023-27616
Unauth. Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
Cross site scripting
Unauth. Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
CVE-2023-27616
CVE-2023-27616 concerns the WordPress RSVPMaker plugin. Connected data confirms an unauthenticated stored XSS vulnerability in RSVPMaker versions <= 10.6.6, with CVE-2023-27616. The issue stems from inadequate escaping/validation, enabling a malicious user to inject script that could be stored...
CVE-2023-27616 WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)
Unauth. Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
CVE-2023-27617 WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David F. Carr RSVPMaker plugin = 10.6.6 versions...
WordPress plugin RSVPMaker Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-21255 · David F. Carr · Rsvpmaker Plugin
Name of the Vulnerable Software and Affected Versions: David F. Carr RSVPMaker plugin versions = 10.6.6 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated administrators. This type of vulnerability allows an attacker to inject malicious...
CVE-2023-29095
Auth. admin+ SQL Injection SQLi vulnerability in David F. Carr RSVPMaker plugin 10.5.5 versions...
CVE-2023-29095
Auth. admin+ SQL Injection SQLi vulnerability in David F. Carr RSVPMaker plugin 10.5.5 versions...
Sql injection
Auth. admin+ SQL Injection SQLi vulnerability in David F. Carr RSVPMaker plugin 10.5.5 versions...
PT-2023-22143 · David F. Carr · Rsvpmaker Plugin
Name of the Vulnerable Software and Affected Versions: David F. Carr RSVPMaker plugin versions prior to 10.5.5 Description: The issue is related to an SQL Injection vulnerability in the David F. Carr RSVPMaker plugin. This vulnerability can be exploited by an attacker with admin+ privileges...
Sql injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...