VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 5 known issues Latest disclosed Jan 24, 2025

RSVP and Event Management Vulnerabilities

Review known vulnerability records for the WordPress plugin RSVP and Event Management (`rsvp`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-24683, CVE-2024-12711 and CVE-2022-1054, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
5
High or Critical
0
Patch Coverage
100%
Last Updated
Jan 28, 2025
Priority CVE Quick Links

Fast paths into RSVP and Event Management CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
4
CVE-2017-18563 Medium 2.3.8
CVE-2017-18563 RSVP and Event Management Cross-Site Scripting

RSVP and Event Management Plugin <= 2.3.7 - Cross-Site Scripting

CVE-2024-12711 Medium 2.7.14
CVE-2024-12711 RSVP and Event Management Vulnerability

RSVP and Event Management <= 2.7.13 - Missing Authorization

CVE-2022-1054 Medium 2.7.8
CVE-2022-1054 RSVP and Event Management Vulnerability

RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure

CVE-2025-24683 Medium 2.7.15
CVE-2025-24683 RSVP and Event Management SQL Injection

RSVP and Event Management Plugin <= 2.7.14 - Authenticated (Administrator+) SQL Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for RSVP and Event Management so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
5 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-24683, CVE-2024-12711 and CVE-2022-1054
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for RSVP and Event Management

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-24683
CVE-2025-24683: RSVP and Event Management Plugin <= 2.7.14 - Authenticated (Administrator+) SQL Injection

The RSVP and Event Management Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for a...

Published
Jan 24, 2025
Patched Release
2.7.15
Affected Versions
Versions up to 2.7.14
Next Step
Update to 2.7.15 or newer if supported.
Open CVE-2025-24683 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-12711
CVE-2024-12711: RSVP and Event Management <= 2.7.13 - Missing Authorization

The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for un...

Published
Jan 06, 2025
Patched Release
2.7.14
Affected Versions
Versions up to 2.7.13
Next Step
Update to 2.7.14 or newer if supported.
Open CVE-2024-12711 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-1054
CVE-2022-1054: RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, l...

Published
Apr 11, 2022
Patched Release
2.7.8
Affected Versions
Versions up to 2.7.7
Next Step
Update to 2.7.8 or newer if supported.
Open CVE-2022-1054 Report Open CVE Reference
Plugin Medium Patched: Yes
RSVP and Event Management <= 2.7.4 - Cross-Site Scripting

The RSVP and Event Management plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a vict...

Published
Jan 13, 2022
Patched Release
2.7.5
Affected Versions
Versions before 2.7.5
Next Step
Update to 2.7.5 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2017-18563
CVE-2017-18563: RSVP and Event Management Plugin <= 2.3.7 - Cross-Site Scripting

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.

Published
Jun 12, 2017
Patched Release
2.3.8
Affected Versions
Versions before 2.3.8
Next Step
Update to 2.3.8 or newer if supported.
Open CVE-2017-18563 Report Open CVE Reference