Lucene search

K
CarrcommunicationsRsvpmaker

14 matches found

CVE
CVE
added 2022/05/10 8:15 p.m.2374 views

CVE-2022-1505

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information...

9.8CVSS7.5AI score0.0343EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.137 views

CVE-2022-1453

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the...

9.8CVSS7.4AI score0.06415EPSS
CVE
CVE
added 2022/06/13 2:15 p.m.86 views

CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive informa...

9.8CVSS7.4AI score0.82706EPSS
CVE
CVE
added 2019/08/27 12:15 p.m.44 views

CVE-2018-21004

The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.

9.8CVSS9.9AI score0.00652EPSS
CVE
CVE
added 2023/12/29 9:15 a.m.43 views

CVE-2023-25054

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.

10CVSS9.7AI score0.00692EPSS
CVE
CVE
added 2021/08/02 11:15 a.m.39 views

CVE-2021-24371

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal netwo...

4CVSS3.5AI score0.00224EPSS
CVE
CVE
added 2024/11/04 2:15 p.m.38 views

CVE-2024-50531

Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.

10CVSS9.5AI score0.00324EPSS
CVE
CVE
added 2019/08/27 12:15 p.m.36 views

CVE-2019-15646

The rsvpmaker plugin before 6.2 for WordPress has SQL injection.

9.8CVSS9.9AI score0.00652EPSS
CVE
CVE
added 2023/11/03 12:15 p.m.35 views

CVE-2023-41652

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.

9.8CVSS9.9AI score0.06129EPSS
CVE
CVE
added 2023/09/27 3:18 p.m.30 views

CVE-2023-27617

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin

5.9CVSS5AI score0.00116EPSS
CVE
CVE
added 2023/10/31 2:15 p.m.27 views

CVE-2023-25045

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.

7.2CVSS7.1AI score0.00307EPSS
CVE
CVE
added 2023/09/27 3:18 p.m.24 views

CVE-2023-27616

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin

7.1CVSS5.8AI score0.00167EPSS
CVE
CVE
added 2023/07/10 4:15 p.m.23 views

CVE-2023-29095

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin

7.6CVSS7.8AI score0.00164EPSS
CVE
CVE
added 2023/10/31 2:15 p.m.19 views

CVE-2023-25047

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.

7.2CVSS7.3AI score0.00417EPSS