Rsvpmaker@* Security Vulnerabilities and Issues — Rsvpmaker@* CVE List

Lucene search

CarrcommunicationsRsvpmaker*

14 matches found

CVE•added 2022/05/10 8:15 p.m.•2376 views

CVE-2022-1505

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information...

9.8CVSS7.5AI score0.0343EPSS

CVE•added 2022/05/10 8:15 p.m.•139 views

CVE-2022-1453

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the...

9.8CVSS7.4AI score0.06415EPSS

CVE•added 2022/06/13 2:15 p.m.•89 views

CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive informa...

9.8CVSS7.4AI score0.82706EPSS

In wildWeb

CVE•added 2019/08/27 12:15 p.m.•45 views

CVE-2018-21004

The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.

9.8CVSS9.9AI score0.00652EPSS

CVE•added 2023/12/29 9:15 a.m.•44 views

CVE-2023-25054

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.

10CVSS9.7AI score0.00692EPSS

CVE•added 2021/08/02 11:15 a.m.•40 views

CVE-2021-24371

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal netwo...

4CVSS3.5AI score0.00224EPSS

Web

CVE•added 2023/11/03 12:15 p.m.•39 views

CVE-2023-41652

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.

9.8CVSS9.9AI score0.06129EPSS

Web

CVE•added 2024/11/04 2:15 p.m.•39 views

CVE-2024-50531

Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.

10CVSS9.5AI score0.00459EPSS

CVE•added 2019/08/27 12:15 p.m.•37 views

CVE-2019-15646

The rsvpmaker plugin before 6.2 for WordPress has SQL injection.

9.8CVSS9.9AI score0.00652EPSS

CVE•added 2023/09/27 3:18 p.m.•31 views

CVE-2023-27617

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin

5.9CVSS5AI score0.00116EPSS

CVE•added 2023/10/31 2:15 p.m.•28 views

CVE-2023-25045

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.

7.2CVSS7.1AI score0.00307EPSS

CVE•added 2023/09/27 3:18 p.m.•26 views

CVE-2023-27616

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin

7.1CVSS5.8AI score0.00167EPSS

CVE•added 2023/07/10 4:15 p.m.•24 views

CVE-2023-29095

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin

7.6CVSS7.8AI score0.00164EPSS

CVE•added 2023/10/31 2:15 p.m.•20 views

CVE-2023-25047

7.2CVSS7.3AI score0.00417EPSS