SQL Injection Vulnerability in WPChill RSVP and Event Management Plugin
CVE-2025-24683

7.6HIGH

Key Information:

Vendor: WordPress
Status: Rsvp And Event Management Plugin
Vendor: CVE Published:; 24 January 2025

Summary

An SQL Injection vulnerability exists in the WPChill RSVP and Event Management Plugin, which allows attackers to inject malicious SQL statements through improperly sanitized user inputs. This vulnerability impacts versions from n/a through 2.7.14, enabling unauthorized access to the database and potentially compromising sensitive data. Website administrators are urged to update their plugins to the latest version to safeguard against this risk.

Affected Version(s)

RSVP and Event Management Plugin <= 2.7.14

References

https://patchstack.com/database/wordpress/plugin/rsvp/vul...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

AHMAD SOPYAN (Patchstack Alliance)