4 matches found
CVE-2022-1505
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive informati...
Sql injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...
CVE-2022-1505 RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive informati...
CVE-2022-1505
The RSVPMaker WordPress plugin has an unauthenticated SQL Injection in rsvpmaker-api-endpoints.php (and related ~rsvpmaker-email.php) due to insufficient escaping/parameterization. Affects versions up to 9.2.6 per CVE-2022-1505; impact is disclosure of database data. Connected sources reiterate t...