cleantalk
Vulnerabilities and Security Researches

RSVPMaker, CVE-2022-1453

CVE, Research URL

CVE-2022-1453

Home page URL

Security reports for RSVPMaker

Application

RSVPMaker

Published on
May 11, 2022
Research Description
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
Affected versions
Min -, max 9.2.6.
Status
vulnerable
Previous vulnerability researches
RSVPMaker for Toastmasters (CVE-2024-50531) , Nov 02, 2024
RSVPMaker Volunteer Roles (CVE-2025-23531) , Jan 29, 2025
RSVPMaker (CVE-2023-25047) , Jun 07, 2024
RSVPMaker (CVE-2019-15646) , Jun 07, 2024
RSVPMaker (CVE-2022-1768) , Jun 07, 2024
New vulnerability
Canonical Attachments (CVE-2025-32543) , Apr 11, 2025
CG Scroll To Top (CVE-2025-31399) , Apr 11, 2025
Ultimate WP Mail (CVE-2025-32694) , Apr 11, 2025
MyBookProgress by Stormhill Media (CVE-2025-30982) , Apr 11, 2025
Social Bookmarking RELOADED (CVE-2025-31393) , Apr 11, 2025