← back
CVE-2024-50491

WordPress RSVP ME plugin <= 1.9.9 - SQL Injection vulnerability

CVSS 9.3 CRITICALEPSS 1.0%CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Affected products
MicahBlu · RSVP ME
public PoCs found1
githubgithub.com/RandomRobbieBF/CVE-2024-504911
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/Wordpress/Plugin/rsvp-me/vulnerability/wordpress-rsvp-me-plugin-1-9-9-sql-injection-vulnerability?_s_id=cve