Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rsvpmaker
(Carrcommunications)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-02 | CVE-2021-24371 | The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. | Rsvpmaker | 2.7 | ||
| 2023-07-10 | CVE-2023-29095 | Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | Rsvpmaker | 7.2 | ||
| 2023-09-27 | CVE-2023-27616 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | Rsvpmaker | 6.1 | ||
| 2023-09-27 | CVE-2023-27617 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | Rsvpmaker | 4.8 |