CVE-2025-24683

HIGH

WPChill RSVP & Event Mgmt <2.7.14 - SQL Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill RSVP and Event Management rsvp allows SQL Injection. This issue affects RSVP and Event Management: from n/a through <= 2.7.14.

Scores

CVSS v3 7.6
EPSS 0.0056
EPSS Percentile 42.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
WP Chill/RSVP and Event Management < 2.7.14
WPChill/RSVP and Event Management Plugin < 2.7.14
Published Jan 24, 2025
Tracked Since Feb 18, 2026