WordPress Plugin Vulnerabilities

RSVPMarker < 10.5.5 - Admin+ SQL Injection (SQLi)

Description

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.

Affects Plugins

Plugin icon
rsvpmaker
Fixed in 10.5.5

References

CVE
CVE-2023-29095

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.6 (high)

Miscellaneous

Original Researcher
Rafi Priatna Kasbiantoro
Verified
No
WPVDB ID
6fda6f03-3f12-48c7-bbf3-aaf7a7c643da

Timeline

Publicly Published
2023-07-10 (about 2 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2020-11-12
Title
Good LMS < 2.1.5 - Unauthenticated SQL Injection
Published
2011-09-01
Title
SearchAutocomplete <= 1.0.8 - Unauthenticated SQL Injection
Published
2024-12-11
Title
Hive Support – WordPress Help Desk < 1.1.3 - Authenticated (Subscriber+) SQL Injection
Published
2023-12-21
Title
BookIt < 2.4.4 - Authenticated(Administrator+) SQL Injection
Published
2026-04-21
Title
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe < 28.1.7 - Unauthenticated SQL Injection