Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rsvpmaker
(Carrcommunications)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-29 | CVE-2023-25054 | Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. | Rsvpmaker | 9.8 | ||
| 2023-10-31 | CVE-2023-25045 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | Rsvpmaker | 7.2 | ||
| 2022-05-10 | CVE-2022-1453 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. | Rsvpmaker | 7.5 | ||
| 2022-05-10 | CVE-2022-1505 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. | Rsvpmaker | 7.5 | ||
| 2019-08-27 | CVE-2018-21004 | The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | Rsvpmaker | 9.8 | ||
| 2019-08-27 | CVE-2019-15646 | The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | Rsvpmaker | 9.8 | ||
| 2021-08-02 | CVE-2021-24371 | The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. | Rsvpmaker | 2.7 | ||
| 2023-07-10 | CVE-2023-29095 | Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | Rsvpmaker | 7.2 | ||
| 2023-09-27 | CVE-2023-27616 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | Rsvpmaker | 6.1 | ||
| 2023-09-27 | CVE-2023-27617 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | Rsvpmaker | 4.8 |