EIP-2026-114019
PRE-CVEWordPress Plugin RSVPMaker 2.5.4 - Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114019. PoCs published by Chris Kellum.
AI-analyzed exploit summary This is a writeup detailing a persistent XSS vulnerability in WordPress RSVPMaker v2.5.4. The exploit describes how input fields in the RSVP form are not properly sanitized, allowing XSS payloads to execute when an admin views the attendance list.
Description
WordPress Plugin RSVPMaker 2.5.4 - Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Chris Kellum · textwebappsphp
https://www.exploit-db.com/exploits/20474
This is a writeup detailing a persistent XSS vulnerability in WordPress RSVPMaker v2.5.4. The exploit describes how input fields in the RSVP form are not properly sanitized, allowing XSS payloads to execute when an admin views the attendance list.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
WordPress RSVPMaker v2.5.4
No auth needed
Prerequisites:
Access to the RSVP form input fields
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026