David F Carr Rsvpmaker vulnerabilities
7 known vulnerabilities affecting david_f_carr/rsvpmaker.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-41652P2CRITICALCVSS 9.8≥ n/a, ≤ 10.6.62023-11-03
CVE-2023-41652 [CRITICAL] CWE-89 CVE-2023-41652: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.
nvd
CVE-2023-25054P3CRITICALCVSS 9.8≥ n/a, ≤ 10.6.62023-12-29
CVE-2023-25054 [CRITICAL] CWE-94 CVE-2023-25054: Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.T
Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.
nvd
CVE-2023-25047P3HIGHCVSS 7.2≥ n/a, ≤ 9.9.32023-10-31
CVE-2023-25047 [HIGH] CWE-89 CVE-2023-25047: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.
nvd
CVE-2023-25045P3HIGHCVSS 7.2≥ n/a, ≤ 9.9.32023-10-31
CVE-2023-25045 [HIGH] CWE-89 CVE-2023-25045: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.
nvd
CVE-2023-29095P3HIGHCVSS 7.2≥ n/a, < 10.5.52023-07-10
CVE-2023-29095 [HIGH] CWE-89 CVE-2023-29095: Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 version
Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.
nvd
CVE-2023-27616P4MEDIUMCVSS 6.1≥ n/a, ≤ 10.6.62023-09-27
CVE-2023-27616 [MEDIUM] CWE-79 CVE-2023-27616: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
nvd
CVE-2023-27617P4MEDIUMCVSS 4.8≥ n/a, ≤ 10.6.62023-09-27
CVE-2023-27617 [MEDIUM] CWE-79 CVE-2023-27617: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <=
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
nvd