carrcommunications CVE Vulnerabilities & Metrics

Focus on carrcommunications vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About carrcommunications Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with carrcommunications. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total carrcommunications CVEs: 15
Earliest CVE date: 27 Aug 2019, 12:15 UTC
Latest CVE date: 04 Nov 2024, 14:15 UTC

Latest CVE reference: CVE-2024-50531

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -85.71%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -85.71%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical carrcommunications CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.55

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	8
4.0-6.9	5
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS carrcommunications CVEs

These are the five CVEs with the highest CVSS scores for carrcommunications, sorted by severity first and recency.

CVE-2019-15646 carrcommunications Published on 27 Aug 2019, 12:15 UTC (CVSS: 7.5)
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
CVE-2018-21004 carrcommunications Published on 27 Aug 2019, 12:15 UTC (CVSS: 7.5)
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
CVE-2022-1768 carrcommunications Published on 13 Jun 2022, 14:15 UTC (CVSS: 5.0)
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separ...
CVE-2022-1505 carrcommunications Published on 10 May 2022, 20:15 UTC (CVSS: 5.0)
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
CVE-2022-1453 carrcommunications Published on 10 May 2022, 20:15 UTC (CVSS: 5.0)
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.

All CVEs for carrcommunications

CVE-2024-50531 carrcommunications vulnerability CVSS: 0 04 Nov 2024, 14:15 UTC

Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.

CVE-2023-25054 carrcommunications vulnerability CVSS: 0 29 Dec 2023, 09:15 UTC

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.

CVE-2023-41652 carrcommunications vulnerability CVSS: 0 03 Nov 2023, 12:15 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.

CVE-2023-25047 carrcommunications vulnerability CVSS: 0 31 Oct 2023, 14:15 UTC

CVE-2023-25045 carrcommunications vulnerability CVSS: 0 31 Oct 2023, 14:15 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.

CVE-2023-27617 carrcommunications vulnerability CVSS: 0 27 Sep 2023, 15:18 UTC

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.

CVE-2023-27616 carrcommunications vulnerability CVSS: 0 27 Sep 2023, 15:18 UTC

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.

CVE-2023-29095 carrcommunications vulnerability CVSS: 0 10 Jul 2023, 16:15 UTC

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.

CVE-2022-1768 carrcommunications vulnerability CVSS: 5.0 13 Jun 2022, 14:15 UTC

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.

CVE-2022-1505 carrcommunications vulnerability CVSS: 5.0 10 May 2022, 20:15 UTC

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.

CVE-2022-1453 carrcommunications vulnerability CVSS: 5.0 10 May 2022, 20:15 UTC

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.

CVE-2021-38337 carrcommunications vulnerability CVSS: 4.3 10 Sep 2021, 14:15 UTC

The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.

CVE-2021-24371 carrcommunications vulnerability CVSS: 4.0 02 Aug 2021, 11:15 UTC

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.

CVE-2019-15646 carrcommunications vulnerability CVSS: 7.5 27 Aug 2019, 12:15 UTC

The rsvpmaker plugin before 6.2 for WordPress has SQL injection.

CVE-2018-21004 carrcommunications vulnerability CVSS: 7.5 27 Aug 2019, 12:15 UTC

The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.