Description

WordPress Plugin RSVPMaker is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin RSVPMaker version 6.1.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 6.2 or latest

References

https://plugins.trac.wordpress.org/browser/rsvpmaker/trunk/README.txt?rev=2076471

Related Vulnerabilities

WordPress Plugin WPQA-Builder forms Addon For WordPress Insecure Direct Object Reference (5.9.2)

WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.229)

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)

WordPress Plugin AccessAlly PHP Code Execution (3.3.1)

WordPress Plugin Theme Editor Multiple Vulnerabilities (2.1)

Severity

High

Classification

CVE-2019-15646 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update SQL Injection