Vulnerabilities > Carrcommunications

DATE CVE VULNERABILITY TITLE RISK
2022-05-10 CVE-2022-1505 SQL Injection vulnerability in Carrcommunications Rsvpmaker
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file.
network
low complexity
carrcommunications CWE-89
7.5
2021-09-10 CVE-2021-38337 Cross-site Scripting vulnerability in Carrcommunications Rsvpmaker Excel 1.1
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.
4.3
2021-08-02 CVE-2021-24371 Server-Side Request Forgery (SSRF) vulnerability in Carrcommunications Rsvpmaker
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one.
network
low complexity
carrcommunications CWE-918
2.7
2019-08-27 CVE-2019-15646 SQL Injection vulnerability in Carrcommunications Rsvpmaker
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
network
low complexity
carrcommunications CWE-89
critical
9.8
2019-08-27 CVE-2018-21004 SQL Injection vulnerability in Carrcommunications Rsvpmaker
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
network
low complexity
carrcommunications CWE-89
critical
9.8