Description
WordPress Plugin RSVPMaker is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin RSVPMaker version 8.7.2 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 8.7.4 or the latest release.
References
https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/
https://plugins.trac.wordpress.org/changeset/2536674/rsvpmaker
https://plugins.svn.wordpress.org/rsvpmaker/trunk/README.txt
Related Vulnerabilities
WordPress Plugin Two Way CHAT-Send or receive messages to your user Multiple Vulnerabilities (3.1.4)
WordPress Plugin WP Customer Reviews Multiple Vulnerabilities (3.0.8)
WordPress Plugin Async JavaScript Security Bypass (2.19.07.14)
WordPress Plugin WP SEO TDK Security Bypass (2.0.2)
WordPress Plugin WP-PostViews Cross-Site Request Forgery (1.62)