CVE-2023-41652

HIGH

RSVPMaker < 10.6.6 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-41652. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept for CVE-2023-41652, demonstrating an unauthenticated SQL injection vulnerability in the RSVPMaker WordPress plugin via the 'email' parameter. The PoC includes a crafted HTTP POST request with a time-based blind SQL injection payload.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2023-41652

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: RSVPMaker WordPress plugin <= 10.6.6
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable RSVPMaker plugin installed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 8.2
EPSS: 0.0086
EPSS Percentile: 53.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-89
Status: published
Products (2):
carrcommunications/rsvpmaker < 10.6.6
David F. Carr/RSVPMaker < 10.6.6
Published: Nov 03, 2023
Tracked Since: Feb 18, 2026