{"id":"CVE-2022-1453","details":"The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.","modified":"2026-04-02T07:39:52.284921Z","published":"2022-05-10T20:15:08.533Z","references":[{"type":"ADVISORY","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17?source=cve"},{"type":"ADVISORY","url":"https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1453"},{"type":"FIX","url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2714389%40rsvpmaker&new=2714389%40rsvpmaker&sfp_email=&sfph_mail="},{"type":"FIX","url":"https://github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/davidfcarr/rsvpmaker","events":[{"introduced":"0"},{"fixed":"bfb189f49af7ab0d34499a2da772e3266f72167d"}]},{"type":"GIT","repo":"https://github.com/davidfcarr/rsvpmaker","events":[{"introduced":"0"},{"fixed":"bfb189f49af7ab0d34499a2da772e3266f72167d"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"9.2.6"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1453.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}