CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25054 – WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-25054
05 Sep 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en David F. Carr RSVPMaker. Este problema afecta a RSVPMaker: desde n/a hasta 10.6.6. • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41652 – WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-41652
01 Sep 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en David F. Carr RSVPMaker rsvpmaker permite la inyección SQL. Este problema afecta a RSVPMaker: desde n/a hasta 10.6.6. • https://github.com/RandomRobbieBF/CVE-2023-41652 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27617 – WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27617
17 Aug 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento David F. Carr RSVPMaker en versiones <= 10.6.6. • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27616 – WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27616
17 Aug 2023 — Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada No Autenticada en el complemento David F. Carr RSVPMaker en versiones <= 10.6.6. • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29095 – WordPress RSVPMarker Plugin < 10.5.5 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-29095
05 Jul 2023 — Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. The RSVPMaker plugin for WordPress is vulnerable to SQL Injection via the 'resend' parameter in versions up to, and including, 10.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing que... • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-5-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25045 – WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-25045
13 Feb 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en David F. Carr RSVPMaker permite la inyección SQL. Este problema afecta a RSVPMaker: desde n/a hasta 9.9.3. • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25047 – WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-25047
13 Feb 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en David F. Carr RSVPMaker rsvpmaker permite la inyección SQL. Este problema afecta a RSVPMaker: desde n/a hasta 9.9.3. • https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability-2?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 2CVE-2022-1768 – RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2022-1768
17 May 2022 — The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. El plugin RSVPMaker para WordPress es vulnerable a una inyección de SQL sin aut... • http://packetstormsecurity.com/files/176549/WordPress-RSVPMaker-9.3.2-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1505 – RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2022-1505
27 Apr 2022 — The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. El plugin RSVPMaker para WordPress es vulnerable a una inyección SQL no autenticada debido a una falta de escape y parametrización SQL en los datos suminis... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715095%40rsvpmaker&new=2715095%40rsvpmaker&sfp_email=&sfph_mail= • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1453 – RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2022-1453
26 Apr 2022 — The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. El plugin RSVPMaker para WordPress es vulnerable a una inyección SQL no autenticada debido a una falta de escape SQL y parametrización de los datos suministrados po... • https://github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •