CVE-2024-50491

CRITICAL

MicahBlu RSVP ME < 1.9.9 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50491. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2024-50491, an unauthenticated SQL injection vulnerability in the RSVP ME WordPress plugin (versions up to 1.9.9). The PoC demonstrates the use of sqlmap to exploit the vulnerability via the 'id' parameter in the 'rsvp_me_event_data' action.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection. This issue affects RSVP ME: from n/a through <= 1.9.9.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-50491

Classification
Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: RSVP ME WordPress plugin <= 1.9.9
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.3
EPSS 0.0100
EPSS Percentile 58.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
MicahBlu/RSVP ME < 1.9.9
micahblu/rsvp_me < 1.9.9
Published Oct 28, 2024
Tracked Since Feb 18, 2026