CVE-2022-1505

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information...

CVE-2022-1453

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the...

CVE-2018-21004

The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.

CVE-2021-24371

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal netwo...

CVE-2024-50531

Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.

CVE-2019-15646

The rsvpmaker plugin before 6.2 for WordPress has SQL injection.

CVE-2023-27617

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin

CVE-2023-27616

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin

CVE-2023-29095

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin