Rsvpmaker Project - Rsvpmaker CVE

Filtered by vendor Rsvpmaker Project Subscribe

Filtered by product Rsvpmaker

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-24371	1 Rsvpmaker Project	1 Rsvpmaker	2021-08-10	4.0 MEDIUM	2.7 LOW
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.

Vulnerabilities (CVE)