Vulnerabilities > Carrcommunications

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-10	CVE-2021-38337	Cross-site Scripting vulnerability in Carrcommunications Rsvpmaker Excel 1.1 The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. network carrcommunications CWE-79	4.3
2021-08-02	CVE-2021-24371	Server-Side Request Forgery (SSRF) vulnerability in Carrcommunications Rsvpmaker The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. network low complexity carrcommunications CWE-918	2.7
2019-08-27	CVE-2019-15646	SQL Injection vulnerability in Carrcommunications Rsvpmaker The rsvpmaker plugin before 6.2 for WordPress has SQL injection. network low complexity carrcommunications CWE-89 critical	9.8
2019-08-27	CVE-2018-21004	SQL Injection vulnerability in Carrcommunications Rsvpmaker The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. network low complexity carrcommunications CWE-89 critical	9.8

Vulnerabilities > Carrcommunications {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Carrcommunications"}]}