cleantalk
Vulnerabilities and Security Researches

RSVPMaker, CVE-2022-1505

CVE, Research URL

CVE-2022-1505

Home page URL

Security reports for RSVPMaker

Application

RSVPMaker

Published on
May 11, 2022
Research Description
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
Affected versions
Min -, max 9.2.7.
Status
vulnerable
Previous vulnerability researches
RSVPMaker for Toastmasters (CVE-2024-50531) , Nov 02, 2024
RSVPMaker Volunteer Roles (CVE-2025-23531) , Jan 29, 2025
RSVPMaker (CVE-2023-25047) , Jun 07, 2024
RSVPMaker (CVE-2019-15646) , Jun 07, 2024
RSVPMaker (CVE-2022-1768) , Jun 07, 2024
New vulnerability
Ultimate WP Mail (CVE-2025-32694) , Apr 11, 2025
MyBookProgress by Stormhill Media (CVE-2025-30982) , Apr 11, 2025
Social Bookmarking RELOADED (CVE-2025-31393) , Apr 11, 2025
Nav Menu Manager (CVE-2025-31017) , Apr 11, 2025
Out-of-the-box WordPress search (vector, hybrid, and keywords) for Weaviate, Elasticsearch, OpenSearch, Apache Solr, or Apache (CVE-2025-31036) , Apr 11, 2025