Vulnerabilities > Carrcommunications

DATE CVE VULNERABILITY TITLE RISK
2023-12-29 CVE-2023-25054 Code Injection vulnerability in Carrcommunications Rsvpmaker
Improper Control of Generation of Code ('Code Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-94
critical
 9.8
9.8
2023-11-03 CVE-2023-41652 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-89
critical
 9.8
9.8
2023-10-31 CVE-2023-25045 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-89
7.2
7.2
2023-10-31 CVE-2023-25047 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-89
7.2
7.2
2023-09-27 CVE-2023-27616 Cross-site Scripting vulnerability in Carrcommunications Rsvpmaker
Unauth.
network
low complexity
carrcommunications CWE-79
6.1
6.1
2023-09-27 CVE-2023-27617 Cross-site Scripting vulnerability in Carrcommunications Rsvpmaker
Auth.
network
low complexity
carrcommunications CWE-79
4.8
4.8
2023-07-10 CVE-2023-29095 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Auth.
network
low complexity
carrcommunications CWE-89
7.2
7.2
2022-06-13 CVE-2022-1768 Unspecified vulnerability in Carrcommunications Rsvpmaker
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file.
network
low complexity
carrcommunications
7.5
7.5
2022-05-10 CVE-2022-1453 SQL Injection vulnerability in Carrcommunications Rsvpmaker 7.3.9/7.5.3
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file.
network
low complexity
carrcommunications CWE-89
7.5
7.5
2022-05-10 CVE-2022-1505 SQL Injection vulnerability in Carrcommunications Rsvpmaker
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file.
network
low complexity
carrcommunications CWE-89
7.5
7.5