Filtered by vendor Rsvpmaker Project
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29095 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2023-07-13 | N/A | 7.2 HIGH |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | |||||
| CVE-2021-24371 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2021-08-10 | 4.0 MEDIUM | 2.7 LOW |
| The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. | |||||
| CVE-2019-15646 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | |||||
| CVE-2018-21004 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | |||||