Vulnerabilities and security researches forrsvpmaker rsvpmaker

Jun 07, 2024

CVE, Research URL: CVE-2023-25047
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Oct 31, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15646
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Aug 27, 2019
Research Description: The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-1768
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Jun 13, 2022
Research Description: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2018-21004
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Aug 27, 2019
Research Description: The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-1505
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: May 11, 2022
Research Description: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-1453
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: May 11, 2022
Research Description: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24371
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Aug 02, 2021
Research Description: The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-29095
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Jul 10, 2023
Research Description: Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-27617
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Sep 27, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-41652
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Nov 03, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-25054
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Dec 29, 2023
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-25045
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Oct 31, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-27616
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Sep 27, 2023
Research Description: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jan 26, 2025

CVE, Research URL: CVE-2025-24600
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Jan 27, 2025
Research Description: Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5.
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31552
Home page URL: Security reports for RSVPMaker
Application: RSVPMaker
Date: Apr 02, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.4.8.
Affected versions: Min -, max -.
Status: vulnerable