RSS   Podatności dla 'Rsvpmaker'   RSS

2022-05-10
 
CVE-2022-1453

CWE-89
 

 
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.

 
 
CVE-2022-1505

CWE-89
 

 
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.

 
2021-08-02
 
CVE-2021-24371

CWE-918
 

 
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.

 
2019-08-27
 
CVE-2019-15646

CWE-89
 

 
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.

 
 
CVE-2018-21004

CWE-89
 

 
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.

 


Copyright 2024, cxsecurity.com

 

Back to Top