Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29095 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2024-11-21 | N/A | 7.6 HIGH |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | |||||
| CVE-2022-1505 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. | |||||
| CVE-2022-1453 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. | |||||
| CVE-2021-24371 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. | |||||
| CVE-2019-15646 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | |||||
| CVE-2018-21004 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | |||||