VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 17 known issues Latest disclosed May 19, 2025

RSVPMaker Vulnerabilities

Review known vulnerability records for the WordPress plugin RSVPMaker (`rsvpmaker`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-48278, CVE-2025-31552 and CVE-2025-24600, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
17
High or Critical
13
Patch Coverage
100%
Last Updated
Dec 18, 2025
Priority CVE Quick Links

Fast paths into RSVPMaker CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
16
CVE-2023-25054 Critical 10.6.7
CVE-2023-25054 RSVPMaker Vulnerability

RSVPMaker <= 10.6.6 - Unauthenticated PHP Object Injection

CVE-2023-41652 Critical 10.6.7
CVE-2023-41652 RSVPMaker SQL Injection

RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection

CVE-2022-1768 Critical 9.3.3
CVE-2022-1768 RSVPMaker SQL Injection

RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection

CVE-2022-1505 Critical 9.2.7
CVE-2022-1505 RSVPMaker SQL Injection

RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection

CVE-2022-1453 Critical 9.2.6
CVE-2022-1453 RSVPMaker SQL Injection

RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection

CVE-2019-15646 Critical 6.2
CVE-2019-15646 RSVPMaker SQL Injection

RSVPMaker <= 6.1.9 - SQL Injection

CVE-2018-21004 Critical 5.6.4
CVE-2018-21004 RSVPMaker SQL Injection

RSVPMaker < 5.6.4 - SQL Injection

CVE-2025-31552 High 11.6.8
CVE-2025-31552 RSVPMaker SQL Injection

RSVPMarker <= 11.6.7 - Unauthenticated SQL Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for RSVPMaker so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
17 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
8 critical and 5 high severity findings.
Recent CVEs
CVE-2025-48278, CVE-2025-31552 and CVE-2025-24600
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for RSVPMaker

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-48278
CVE-2025-48278: RSVPMarker <= 11.5.6 - Authenticated (Contributor+) SQL Injection

The RSVPMarker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 11.5.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers...

Published
May 19, 2025
Patched Release
11.5.7
Affected Versions
Versions up to 11.5.6
Next Step
Update to 11.5.7 or newer if supported.
Open CVE-2025-48278 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-31552
CVE-2025-31552: RSVPMarker <= 11.6.7 - Unauthenticated SQL Injection

The RSVPMarker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 11.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

Published
Mar 31, 2025
Patched Release
11.6.8
Affected Versions
Versions up to 11.6.7
Next Step
Update to 11.6.8 or newer if supported.
Open CVE-2025-31552 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-24600
CVE-2025-24600: RSVPMarker <= 11.4.5 - Missing Authorization

The RSVPMaker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 11.4.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published
Jan 24, 2025
Patched Release
11.4.6
Affected Versions
Versions up to 11.4.5
Next Step
Update to 11.4.6 or newer if supported.
Open CVE-2025-24600 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2023-25054
CVE-2023-25054: RSVPMaker <= 10.6.6 - Unauthenticated PHP Object Injection

The RSVPMaker plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 10.6.6 via deserialization of untrusted input from the $details variable. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulner...

Published
Sep 05, 2023
Patched Release
10.6.7
Affected Versions
Versions up to 10.6.6
Next Step
Update to 10.6.7 or newer if supported.
Open CVE-2023-25054 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2023-41652
CVE-2023-41652: RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection

The RSVPMarker plugin for WordPress is vulnerable to SQL Injection via the 'email' parameter in versions up to, and including, 10.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

Published
Sep 01, 2023
Patched Release
10.6.7
Affected Versions
Versions up to 10.6.6
Next Step
Update to 10.6.7 or newer if supported.
Open CVE-2023-41652 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-27616
CVE-2023-27616: RSVPMaker <= 10.6.5 - Unauthenticated Stored Cross-Site Scripting via 'email'

The RSVPMaker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 10.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

Published
Aug 17, 2023
Patched Release
10.6.6
Affected Versions
Versions up to 10.6.5
Next Step
Update to 10.6.6 or newer if supported.
Open CVE-2023-27616 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-27617
CVE-2023-27617: RSVPMarker <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

The RSVPMarker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 10.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level pe...

Published
Aug 17, 2023
Patched Release
10.6.7
Affected Versions
Versions up to 10.6.5
Next Step
Update to 10.6.7 or newer if supported.
Open CVE-2023-27617 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-29095
CVE-2023-29095: RSVPMaker <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend'

The RSVPMaker plugin for WordPress is vulnerable to SQL Injection via the 'resend' parameter in versions up to, and including, 10.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

Published
Jul 05, 2023
Patched Release
10.5.5
Affected Versions
Versions before 10.5.5
Next Step
Update to 10.5.5 or newer if supported.
Open CVE-2023-29095 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-25045
CVE-2023-25045: RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value

The RSVPMaker plugin for WordPress is vulnerable to SQL Injection via the ‘$email’ variable in versions up to, and including, 9.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Published
Feb 13, 2023
Patched Release
9.9.4
Affected Versions
Versions up to 9.9.3
Next Step
Update to 9.9.4 or newer if supported.
Open CVE-2023-25045 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-25047
CVE-2023-25047: RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter

The RSVPMaker plugin for WordPress is vulnerable to SQL Injection via the 'delete' parameter in versions up to, and including, 9.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

Published
Feb 13, 2023
Patched Release
9.9.4
Affected Versions
Versions up to 9.9.3
Next Step
Update to 9.9.4 or newer if supported.
Open CVE-2023-25047 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2022-1768
CVE-2022-1768: RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to stea...

Published
May 17, 2022
Patched Release
9.3.3
Affected Versions
Versions up to 9.3.2
Next Step
Update to 9.3.3 or newer if supported.
Open CVE-2022-1768 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2022-1505
CVE-2022-1505: RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal se...

Published
Apr 27, 2022
Patched Release
9.2.7
Affected Versions
Versions up to 9.2.6
Next Step
Update to 9.2.7 or newer if supported.
Open CVE-2022-1505 Report Open CVE Reference