cleantalk
Vulnerabilities and Security Researches

RSVPMaker, CVE-2022-1768

CVE, Research URL

CVE-2022-1768

Home page URL

Security reports for RSVPMaker

Application

RSVPMaker

Published on
Jun 13, 2022
Research Description
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.
Affected versions
Min -, max 2.5.5.
Status
vulnerable
Previous vulnerability researches
RSVPMaker for Toastmasters (CVE-2024-50531) , Nov 02, 2024
RSVPMaker Volunteer Roles (CVE-2025-23531) , Jan 29, 2025
RSVPMaker (CVE-2023-25047) , Jun 07, 2024
RSVPMaker (CVE-2019-15646) , Jun 07, 2024
RSVPMaker (CVE-2022-1768) , Jun 07, 2024
New vulnerability
Canonical Attachments (CVE-2025-32543) , Apr 11, 2025
CG Scroll To Top (CVE-2025-31399) , Apr 11, 2025
Ultimate WP Mail (CVE-2025-32694) , Apr 11, 2025
MyBookProgress by Stormhill Media (CVE-2025-30982) , Apr 11, 2025
Social Bookmarking RELOADED (CVE-2025-31393) , Apr 11, 2025