Critical severity9.8NVD Advisory· Published May 10, 2022· Updated Apr 8, 2026
CVE-2022-1453
CVE-2022-1453
Description
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
Affected products
1- cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*Range: <9.2.6
Patches
1bfb189f49af7https://github.com/davidfcarr/rsvpmakervia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167dnvdPatch
- plugins.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17nvdThird Party Advisory
- www.wordfence.com/vulnerability-advisories/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.