Muhammad Arsalan Diponegoro

**Name of the Vulnerable Software and Affected Versions** RSVPMaker versions through 9.9.3 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions through 9.9.3, update to a version later than 9.9.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** David F. Carr RSVPMaker plugin versions <= 10.6.6 **Description** The issue is an Unauth. Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the application, which can then be executed by other users. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For David F. Carr RSVPMaker plugin versions <= 10.6.6, update to a version higher than 10.6.6 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available. Avoid using the plugin for sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** David F. Carr RSVPMaker plugin versions <= 10.6.6 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects authenticated administrators. This type of vulnerability allows an attacker to inject malicious scripts into the website, which can then be executed by other users, potentially leading to unauthorized actions or data theft. **Recommendations** For David F. Carr RSVPMaker plugin versions <= 10.6.6, update to a version higher than 10.6.6 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.