Product:

Rsvpmaker

(Carrcommunications)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 14
Date Id Summary Products Score Patch Annotated
2024-11-04 CVE-2024-50531 Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4. Rsvpmaker 9.8
2023-10-31 CVE-2023-25047 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. Rsvpmaker 7.2
2023-11-03 CVE-2023-41652 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. Rsvpmaker 9.8
2022-06-13 CVE-2022-1768 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. Rsvpmaker 7.5
2023-12-29 CVE-2023-25054 Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. Rsvpmaker 9.8
2023-10-31 CVE-2023-25045 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. Rsvpmaker 7.2
2022-05-10 CVE-2022-1453 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. Rsvpmaker 7.5
2022-05-10 CVE-2022-1505 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. Rsvpmaker 7.5
2019-08-27 CVE-2018-21004 The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. Rsvpmaker 9.8
2019-08-27 CVE-2019-15646 The rsvpmaker plugin before 6.2 for WordPress has SQL injection. Rsvpmaker 9.8