Vulnerabilities > CVE-2021-24371 - Server-Side Request Forgery (SSRF) vulnerability in Carrcommunications Rsvpmaker

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

carrcommunications

CWE-918

NVD

Published: 2021-08-02

Updated: 2023-09-30

Summary

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.

Vulnerable Configurations

Part	Description	Count
Application	Carrcommunications Carrcommunications Rsvpmaker - Carrcommunications Rsvpmaker 0.6 Carrcommunications Rsvpmaker 0.6.1 Carrcommunications Rsvpmaker 0.6.2 Carrcommunications Rsvpmaker 0.7 Carrcommunications Rsvpmaker 0.7.1 Carrcommunications Rsvpmaker 0.7.2 Carrcommunications Rsvpmaker 0.7.3 Carrcommunications Rsvpmaker 0.7.4 Carrcommunications Rsvpmaker 0.7.5 Carrcommunications Rsvpmaker 0.7.6 Carrcommunications Rsvpmaker 0.8 Carrcommunications Rsvpmaker 0.9 Carrcommunications Rsvpmaker 0.9.1 Carrcommunications Rsvpmaker 0.9.2 Carrcommunications Rsvpmaker 1.0 Carrcommunications Rsvpmaker 1.1 Carrcommunications Rsvpmaker 1.2 Carrcommunications Rsvpmaker 1.3 Carrcommunications Rsvpmaker 1.4 Carrcommunications Rsvpmaker 1.5 Carrcommunications Rsvpmaker 1.6 Carrcommunications Rsvpmaker 1.7 Carrcommunications Rsvpmaker 1.8 Carrcommunications Rsvpmaker 1.9 Carrcommunications Rsvpmaker 1.9.1 Carrcommunications Rsvpmaker 1.9.3 Carrcommunications Rsvpmaker 2.0 Carrcommunications Rsvpmaker 2.1 Carrcommunications Rsvpmaker 2.2 Carrcommunications Rsvpmaker 2.3 Carrcommunications Rsvpmaker 2.3.1 Carrcommunications Rsvpmaker 2.3.2 Carrcommunications Rsvpmaker 2.3.3 Carrcommunications Rsvpmaker 2.3.4 Carrcommunications Rsvpmaker 2.3.5 Carrcommunications Rsvpmaker 2.3.6 Carrcommunications Rsvpmaker 2.3.9 Carrcommunications Rsvpmaker 2.4 Carrcommunications Rsvpmaker 2.4.1 Carrcommunications Rsvpmaker 2.4.2 Carrcommunications Rsvpmaker 2.5 Carrcommunications Rsvpmaker 2.5.4 Carrcommunications Rsvpmaker 2.5.5 Carrcommunications Rsvpmaker 2.5.6 Carrcommunications Rsvpmaker 2.5.7 Carrcommunications Rsvpmaker 2.5.8 Carrcommunications Rsvpmaker 2.5.9 Carrcommunications Rsvpmaker 2.6 Carrcommunications Rsvpmaker 2.7 Carrcommunications Rsvpmaker 2.7.1 Carrcommunications Rsvpmaker 2.7.2 Carrcommunications Rsvpmaker 2.7.3 Carrcommunications Rsvpmaker 2.7.4 Carrcommunications Rsvpmaker 2.7.4.1 Carrcommunications Rsvpmaker 2.7.4.2 Carrcommunications Rsvpmaker 2.7.5 Carrcommunications Rsvpmaker 2.7.6 Carrcommunications Rsvpmaker 2.7.7 Carrcommunications Rsvpmaker 2.7.8 Carrcommunications Rsvpmaker 2.8 Carrcommunications Rsvpmaker 2.8.1 Carrcommunications Rsvpmaker 2.8.2 Carrcommunications Rsvpmaker 2.8.3 Carrcommunications Rsvpmaker 2.8.4 Carrcommunications Rsvpmaker 2.8.5 Carrcommunications Rsvpmaker 2.8.6 Carrcommunications Rsvpmaker 2.8.7 Carrcommunications Rsvpmaker 2.8.8 Carrcommunications Rsvpmaker 2.8.9 Carrcommunications Rsvpmaker 3.0 Carrcommunications Rsvpmaker 3.0.1 Carrcommunications Rsvpmaker 3.0.2 Carrcommunications Rsvpmaker 3.0.3 Carrcommunications Rsvpmaker 3.0.4 Carrcommunications Rsvpmaker 3.0.5 Carrcommunications Rsvpmaker 3.0.6 Carrcommunications Rsvpmaker 3.0.7 Carrcommunications Rsvpmaker 3.0.8 Carrcommunications Rsvpmaker 3.0.9 Carrcommunications Rsvpmaker 3.1 Carrcommunications Rsvpmaker 3.1.1 Carrcommunications Rsvpmaker 3.2 Carrcommunications Rsvpmaker 3.2.2 Carrcommunications Rsvpmaker 3.2.3 Carrcommunications Rsvpmaker 3.2.4 Carrcommunications Rsvpmaker 3.2.5 Carrcommunications Rsvpmaker 3.2.6 Carrcommunications Rsvpmaker 3.2.8 Carrcommunications Rsvpmaker 3.3 Carrcommunications Rsvpmaker 3.3.1 Carrcommunications Rsvpmaker 3.3.7 Carrcommunications Rsvpmaker 3.3.8 Carrcommunications Rsvpmaker 3.3.9 Carrcommunications Rsvpmaker 3.4.4 Carrcommunications Rsvpmaker 3.5 Carrcommunications Rsvpmaker 3.5.4 Carrcommunications Rsvpmaker 3.5.6 Carrcommunications Rsvpmaker 3.5.7 Carrcommunications Rsvpmaker 3.5.8 Carrcommunications Rsvpmaker 3.5.9 Carrcommunications Rsvpmaker 3.6 Carrcommunications Rsvpmaker 3.6.2 Carrcommunications Rsvpmaker 3.6.3 Carrcommunications Rsvpmaker 3.6.4 Carrcommunications Rsvpmaker 3.7 Carrcommunications Rsvpmaker 3.7.4 Carrcommunications Rsvpmaker 3.7.5 Carrcommunications Rsvpmaker 3.8 Carrcommunications Rsvpmaker 3.8.1 Carrcommunications Rsvpmaker 3.9 Carrcommunications Rsvpmaker 3.9.4 Carrcommunications Rsvpmaker 3.9.6 Carrcommunications Rsvpmaker 3.9.7 Carrcommunications Rsvpmaker 3.9.8 Carrcommunications Rsvpmaker 3.9.9 Carrcommunications Rsvpmaker 4.0 Carrcommunications Rsvpmaker 4.1.3 Carrcommunications Rsvpmaker 4.1.4 Carrcommunications Rsvpmaker 4.1.5 Carrcommunications Rsvpmaker 4.1.6 Carrcommunications Rsvpmaker 4.1.7 Carrcommunications Rsvpmaker 4.1.8 Carrcommunications Rsvpmaker 4.2 Carrcommunications Rsvpmaker 4.2.3 Carrcommunications Rsvpmaker 4.2.4 Carrcommunications Rsvpmaker 4.2.5 Carrcommunications Rsvpmaker 4.2.7 Carrcommunications Rsvpmaker 4.2.8 Carrcommunications Rsvpmaker 4.3 Carrcommunications Rsvpmaker 4.3.2 Carrcommunications Rsvpmaker 4.3.3 Carrcommunications Rsvpmaker 4.3.4 Carrcommunications Rsvpmaker 4.3.5 Carrcommunications Rsvpmaker 4.3.7 Carrcommunications Rsvpmaker 4.3.8 Carrcommunications Rsvpmaker 4.3.9 Carrcommunications Rsvpmaker 4.4.1 Carrcommunications Rsvpmaker 4.4.4 Carrcommunications Rsvpmaker 4.4.6 Carrcommunications Rsvpmaker 4.4.7 Carrcommunications Rsvpmaker 4.4.8 Carrcommunications Rsvpmaker 4.4.9 Carrcommunications Rsvpmaker 4.5.1 Carrcommunications Rsvpmaker 4.5.2 Carrcommunications Rsvpmaker 4.5.5 Carrcommunications Rsvpmaker 4.5.6 Carrcommunications Rsvpmaker 4.5.9 Carrcommunications Rsvpmaker 4.6 Carrcommunications Rsvpmaker 4.6.3 Carrcommunications Rsvpmaker 4.6.4 Carrcommunications Rsvpmaker 4.6.7 Carrcommunications Rsvpmaker 4.6.8 Carrcommunications Rsvpmaker 4.6.9 Carrcommunications Rsvpmaker 4.7 Carrcommunications Rsvpmaker 4.7.1 Carrcommunications Rsvpmaker 4.7.2 Carrcommunications Rsvpmaker 4.7.3 Carrcommunications Rsvpmaker 4.7.4 Carrcommunications Rsvpmaker 4.7.5 Carrcommunications Rsvpmaker 4.7.6 Carrcommunications Rsvpmaker 4.7.7 Carrcommunications Rsvpmaker 4.7.8 Carrcommunications Rsvpmaker 4.7.9 Carrcommunications Rsvpmaker 4.8 Carrcommunications Rsvpmaker 4.8.7 Carrcommunications Rsvpmaker 4.8.8 Carrcommunications Rsvpmaker 4.8.9 Carrcommunications Rsvpmaker 4.9 Carrcommunications Rsvpmaker 4.9.1 Carrcommunications Rsvpmaker 4.9.2 Carrcommunications Rsvpmaker 4.9.3 Carrcommunications Rsvpmaker 4.9.4 Carrcommunications Rsvpmaker 4.9.5 Carrcommunications Rsvpmaker 4.9.7 Carrcommunications Rsvpmaker 4.9.8 Carrcommunications Rsvpmaker 5.0 Carrcommunications Rsvpmaker 5.1 Carrcommunications Rsvpmaker 5.1.4 Carrcommunications Rsvpmaker 5.1.6 Carrcommunications Rsvpmaker 5.1.7 Carrcommunications Rsvpmaker 5.1.8 Carrcommunications Rsvpmaker 5.2.1 Carrcommunications Rsvpmaker 5.3 Carrcommunications Rsvpmaker 5.3.1 Carrcommunications Rsvpmaker 5.3.4 Carrcommunications Rsvpmaker 5.3.7 Carrcommunications Rsvpmaker 5.3.9 Carrcommunications Rsvpmaker 5.4 Carrcommunications Rsvpmaker 5.4.1 Carrcommunications Rsvpmaker 5.4.2 Carrcommunications Rsvpmaker 5.4.6 Carrcommunications Rsvpmaker 5.4.7 Carrcommunications Rsvpmaker 5.4.9 Carrcommunications Rsvpmaker 5.5 Carrcommunications Rsvpmaker 5.5.1 Carrcommunications Rsvpmaker 5.5.5 Carrcommunications Rsvpmaker 5.5.6 Carrcommunications Rsvpmaker 5.5.7 Carrcommunications Rsvpmaker 5.6.1 Carrcommunications Rsvpmaker 5.6.2 Carrcommunications Rsvpmaker 5.6.3 Carrcommunications Rsvpmaker 5.6.4 Carrcommunications Rsvpmaker 5.6.5 Carrcommunications Rsvpmaker 5.6.6 Carrcommunications Rsvpmaker 5.6.8 Carrcommunications Rsvpmaker 5.7.0 Carrcommunications Rsvpmaker 5.7.2 Carrcommunications Rsvpmaker 5.7.4 Carrcommunications Rsvpmaker 5.7.5 Carrcommunications Rsvpmaker 5.7.6 Carrcommunications Rsvpmaker 5.7.9 Carrcommunications Rsvpmaker 5.8 Carrcommunications Rsvpmaker 5.8.2 Carrcommunications Rsvpmaker 5.8.3 Carrcommunications Rsvpmaker 5.8.4 Carrcommunications Rsvpmaker 5.8.5 Carrcommunications Rsvpmaker 5.8.6 Carrcommunications Rsvpmaker 5.8.8 Carrcommunications Rsvpmaker 5.8.9 Carrcommunications Rsvpmaker 5.9.1 Carrcommunications Rsvpmaker 5.9.2 Carrcommunications Rsvpmaker 5.9.4 Carrcommunications Rsvpmaker 5.9.6 Carrcommunications Rsvpmaker 5.9.7 Carrcommunications Rsvpmaker 5.9.9 Carrcommunications Rsvpmaker 6.0 Carrcommunications Rsvpmaker 6.0.5 Carrcommunications Rsvpmaker 6.0.6 Carrcommunications Rsvpmaker 6.0.7 Carrcommunications Rsvpmaker 6.1.0 Carrcommunications Rsvpmaker 6.1.1 Carrcommunications Rsvpmaker 6.1.4 Carrcommunications Rsvpmaker 6.1.5 Carrcommunications Rsvpmaker 6.1.9 Carrcommunications Rsvpmaker 6.2 Carrcommunications Rsvpmaker 6.2.1 Carrcommunications Rsvpmaker 6.2.2 Carrcommunications Rsvpmaker 6.2.3 Carrcommunications Rsvpmaker 6.2.4 Carrcommunications Rsvpmaker 6.2.5 Carrcommunications Rsvpmaker 6.2.6 Carrcommunications Rsvpmaker 6.3.1 Carrcommunications Rsvpmaker 6.3.4 Carrcommunications Rsvpmaker 6.3.6 Carrcommunications Rsvpmaker 6.3.7 Carrcommunications Rsvpmaker 6.3.8 Carrcommunications Rsvpmaker 6.3.9 Carrcommunications Rsvpmaker 6.4 Carrcommunications Rsvpmaker 6.4.1 Carrcommunications Rsvpmaker 6.4.2 Carrcommunications Rsvpmaker 6.4.3 Carrcommunications Rsvpmaker 6.4.4 Carrcommunications Rsvpmaker 6.5 Carrcommunications Rsvpmaker 6.5.2 Carrcommunications Rsvpmaker 6.5.4 Carrcommunications Rsvpmaker 6.5.5 Carrcommunications Rsvpmaker 6.5.6 Carrcommunications Rsvpmaker 6.5.8 Carrcommunications Rsvpmaker 6.6.0 Carrcommunications Rsvpmaker 6.6.1 Carrcommunications Rsvpmaker 6.6.2 Carrcommunications Rsvpmaker 6.6.4 Carrcommunications Rsvpmaker 7.0.0 Carrcommunications Rsvpmaker 7.0.1 Carrcommunications Rsvpmaker 7.0.5 Carrcommunications Rsvpmaker 7.0.6 Carrcommunications Rsvpmaker 7.1.0 Carrcommunications Rsvpmaker 7.1.1 Carrcommunications Rsvpmaker 7.1.3 Carrcommunications Rsvpmaker 7.1.9 Carrcommunications Rsvpmaker 7.2.1 Carrcommunications Rsvpmaker 7.2.2 Carrcommunications Rsvpmaker 7.2.5 Carrcommunications Rsvpmaker 7.2.6 Carrcommunications Rsvpmaker 7.3.2 Carrcommunications Rsvpmaker 7.3.3 Carrcommunications Rsvpmaker 7.3.4 Carrcommunications Rsvpmaker 7.3.7 Carrcommunications Rsvpmaker 7.3.8 Carrcommunications Rsvpmaker 7.3.9 Carrcommunications Rsvpmaker 7.4 Carrcommunications Rsvpmaker 7.4.2 Carrcommunications Rsvpmaker 7.4.3 Carrcommunications Rsvpmaker 7.4.5 Carrcommunications Rsvpmaker 7.4.8 Carrcommunications Rsvpmaker 7.4.9 Carrcommunications Rsvpmaker 7.5.1 Carrcommunications Rsvpmaker 7.5.2 Carrcommunications Rsvpmaker 7.5.3 Carrcommunications Rsvpmaker 7.5.4 Carrcommunications Rsvpmaker 7.5.7 Carrcommunications Rsvpmaker 7.5.8 Carrcommunications Rsvpmaker 7.5.9 Carrcommunications Rsvpmaker 7.6 Carrcommunications Rsvpmaker 7.6.1 Carrcommunications Rsvpmaker 7.6.5 Carrcommunications Rsvpmaker 7.6.6 Carrcommunications Rsvpmaker 7.6.7 Carrcommunications Rsvpmaker 7.6.8 Carrcommunications Rsvpmaker 7.6.9 Carrcommunications Rsvpmaker 7.7.3 Carrcommunications Rsvpmaker 7.7.4 Carrcommunications Rsvpmaker 7.7.5 Carrcommunications Rsvpmaker 7.7.7 Carrcommunications Rsvpmaker 7.7.8 Carrcommunications Rsvpmaker 7.7.9 Carrcommunications Rsvpmaker 7.8 Carrcommunications Rsvpmaker 7.8.1 Carrcommunications Rsvpmaker 7.8.2 Carrcommunications Rsvpmaker 7.8.3 Carrcommunications Rsvpmaker 7.8.4 Carrcommunications Rsvpmaker 7.8.8 Carrcommunications Rsvpmaker 7.8.9 Carrcommunications Rsvpmaker 7.9 Carrcommunications Rsvpmaker 7.9.1 Carrcommunications Rsvpmaker 7.9.2 Carrcommunications Rsvpmaker 7.9.3 Carrcommunications Rsvpmaker 7.9.4 Carrcommunications Rsvpmaker 7.9.5 Carrcommunications Rsvpmaker 7.9.7 Carrcommunications Rsvpmaker 7.9.9 Carrcommunications Rsvpmaker 8.0.1 Carrcommunications Rsvpmaker 8.0.2 Carrcommunications Rsvpmaker 8.0.5 Carrcommunications Rsvpmaker 8.0.6 Carrcommunications Rsvpmaker 8.0.7 Carrcommunications Rsvpmaker 8.0.8 Carrcommunications Rsvpmaker 8.0.9 Carrcommunications Rsvpmaker 8.1.0 Carrcommunications Rsvpmaker 8.1.1 Carrcommunications Rsvpmaker 8.1.4 Carrcommunications Rsvpmaker 8.1.5 Carrcommunications Rsvpmaker 8.1.6 Carrcommunications Rsvpmaker 8.1.7 Carrcommunications Rsvpmaker 8.1.8 Carrcommunications Rsvpmaker 8.1.9 Carrcommunications Rsvpmaker 8.2.1 Carrcommunications Rsvpmaker 8.2.4 Carrcommunications Rsvpmaker 8.2.6 Carrcommunications Rsvpmaker 8.2.7 Carrcommunications Rsvpmaker 8.2.8 Carrcommunications Rsvpmaker 8.3.1 Carrcommunications Rsvpmaker 8.3.2 Carrcommunications Rsvpmaker 8.3.5 Carrcommunications Rsvpmaker 8.3.7 Carrcommunications Rsvpmaker 8.3.8 Carrcommunications Rsvpmaker 8.4 Carrcommunications Rsvpmaker 8.4.2 Carrcommunications Rsvpmaker 8.4.3 Carrcommunications Rsvpmaker 8.4.4 Carrcommunications Rsvpmaker 8.4.5 Carrcommunications Rsvpmaker 8.4.8 Carrcommunications Rsvpmaker 8.5.1 Carrcommunications Rsvpmaker 8.5.2 Carrcommunications Rsvpmaker 8.5.5 Carrcommunications Rsvpmaker 8.5.6 Carrcommunications Rsvpmaker 8.5.7 Carrcommunications Rsvpmaker 8.5.8 Carrcommunications Rsvpmaker 8.6 Carrcommunications Rsvpmaker 8.6.1 Carrcommunications Rsvpmaker 8.6.3 Carrcommunications Rsvpmaker 8.6.5 Carrcommunications Rsvpmaker 8.6.7 Carrcommunications Rsvpmaker 8.6.8 Carrcommunications Rsvpmaker 8.6.9 Carrcommunications Rsvpmaker 8.7 Carrcommunications Rsvpmaker 8.7.1 Carrcommunications Rsvpmaker 8.7.2	369

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References