Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by davidfcarr
CVE-2026-1830 (GCVE-0-2026-1830)
Vulnerability from cvelistv5 – Published: 2026-04-09 03:25 – Updated: 2026-04-09 13:34
VLAI?
Title
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
Summary
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code execution on the server.
Severity ?
9.8 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | Quick Playground |
Affected:
0 , ≤ 1.3.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T13:32:29.081531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T13:34:45.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quick Playground",
"vendor": "davidfcarr",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
},
{
"lang": "en",
"type": "finder",
"value": "Itthidej Aramsri"
},
{
"lang": "en",
"type": "finder",
"value": "Vilaysone CHANTHAVONG"
},
{
"lang": "en",
"type": "finder",
"value": "Waris Damkham"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code execution on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T03:25:57.200Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/308cd28a-a477-4bc6-a392-ad5a9eca1cb5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/quick-playground/trunk/api.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/browser/quick-playground/trunk/expro-api.php#L419"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3500839%40quick-playground\u0026new=3500839%40quick-playground\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T23:23:04.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-08T14:35:08.000Z",
"value": "Disclosed"
}
],
"title": "Quick Playground \u003c= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1830",
"datePublished": "2026-04-09T03:25:57.200Z",
"dateReserved": "2026-02-03T14:35:29.820Z",
"dateUpdated": "2026-04-09T13:34:45.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48278 (GCVE-0-2025-48278)
Vulnerability from cvelistv5 – Published: 2025-05-19 14:45 – Updated: 2026-04-01 15:54
VLAI?
Title
WordPress RSVPMarker plugin <= 11.5.6 - SQL Injection Vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from n/a through <= 11.5.6.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMarker |
Affected:
0 , ≤ 11.5.6
(custom)
|
Date Public ?
2026-04-01 16:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:07:20.163508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:16:36.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rsvpmaker",
"product": "RSVPMarker",
"vendor": "davidfcarr",
"versions": [
{
"changes": [
{
"at": "11.5.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Martino Spagnuolo (r3verii) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:49.894Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.\u003cp\u003eThis issue affects RSVPMarker : from n/a through \u003c= 11.5.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from n/a through \u003c= 11.5.6."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:54:31.070Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/rsvpmaker/vulnerability/wordpress-rsvpmarker-11-5-6-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress RSVPMarker plugin \u003c= 11.5.6 - SQL Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48278",
"datePublished": "2025-05-19T14:45:26.912Z",
"dateReserved": "2025-05-19T14:13:24.502Z",
"dateUpdated": "2026-04-01T15:54:31.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39435 (GCVE-0-2025-39435)
Vulnerability from cvelistv5 – Published: 2025-04-17 15:16 – Updated: 2026-04-01 15:51
VLAI?
Title
WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia my-marginalia allows Stored XSS.This issue affects My Marginalia: from n/a through <= 1.0.6.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | My Marginalia |
Affected:
0 , ≤ 1.0.6
(custom)
|
Date Public ?
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:10:14.337499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:45:26.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "my-marginalia",
"product": "My Marginalia",
"vendor": "davidfcarr",
"versions": [
{
"lessThanOrEqual": "1.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "johska | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:15.888Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia my-marginalia allows Stored XSS.\u003cp\u003eThis issue affects My Marginalia: from n/a through \u003c= 1.0.6.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia my-marginalia allows Stored XSS.This issue affects My Marginalia: from n/a through \u003c= 1.0.6."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:51:57.744Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/my-marginalia/vulnerability/wordpress-my-marginalia-plugin-1-0-6-csrf-to-stored-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress My Marginalia plugin \u003c= 1.0.6 - CSRF to Stored XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-39435",
"datePublished": "2025-04-17T15:16:56.011Z",
"dateReserved": "2025-04-16T06:23:15.163Z",
"dateUpdated": "2026-04-01T15:51:57.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31552 (GCVE-0-2025-31552)
Vulnerability from cvelistv5 – Published: 2025-04-01 20:58 – Updated: 2026-04-01 15:49
VLAI?
Title
WordPress RSVPMarker plugin <= 11.6.7 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from n/a through <= 11.6.7.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMarker |
Affected:
0 , ≤ 11.6.7
(custom)
|
Date Public ?
2026-04-01 16:37
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T13:22:09.680763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:22:17.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rsvpmaker",
"product": "RSVPMarker",
"vendor": "davidfcarr",
"versions": [
{
"changes": [
{
"at": "11.6.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aiden | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:37:17.034Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.\u003cp\u003eThis issue affects RSVPMarker : from n/a through \u003c= 11.6.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from n/a through \u003c= 11.6.7."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:49:02.624Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/rsvpmaker/vulnerability/wordpress-rsvpmarker-plugin-11-4-8-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress RSVPMarker plugin \u003c= 11.6.7 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31552",
"datePublished": "2025-04-01T20:58:12.477Z",
"dateReserved": "2025-03-31T10:05:28.896Z",
"dateUpdated": "2026-04-01T15:49:02.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24600 (GCVE-0-2025-24600)
Vulnerability from cvelistv5 – Published: 2025-01-27 14:22 – Updated: 2026-04-01 15:44
VLAI?
Title
WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in davidfcarr RSVPMarker rsvpmaker.This issue affects RSVPMarker : from n/a through <= 11.4.5.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMarker |
Affected:
0 , ≤ 11.4.5
(custom)
|
Date Public ?
2026-04-01 16:34
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T15:01:41.251467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:11.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rsvpmaker",
"product": "RSVPMarker",
"vendor": "davidfcarr",
"versions": [
{
"changes": [
{
"at": "11.4.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.4.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:34:01.444Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in davidfcarr RSVPMarker rsvpmaker.\u003cp\u003eThis issue affects RSVPMarker : from n/a through \u003c= 11.4.5.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in davidfcarr RSVPMarker rsvpmaker.This issue affects RSVPMarker : from n/a through \u003c= 11.4.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:44:13.346Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/rsvpmaker/vulnerability/wordpress-rsvpmaker-plugin-11-4-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress RSVPMaker plugin \u003c= 11.4.5 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-24600",
"datePublished": "2025-01-27T14:22:15.699Z",
"dateReserved": "2025-01-23T14:50:57.839Z",
"dateUpdated": "2026-04-01T15:44:13.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23531 (GCVE-0-2025-23531)
Vulnerability from cvelistv5 – Published: 2025-01-27 14:22 – Updated: 2026-04-01 15:42
VLAI?
Title
WordPress RSVPMaker Volunteer Roles plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue affects RSVPMaker Volunteer Roles: from n/a through <= 1.5.1.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMaker Volunteer Roles |
Affected:
0 , ≤ 1.5.1
(custom)
|
Date Public ?
2026-04-01 16:32
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T15:31:07.365746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T15:31:11.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rsvpmaker-volunteer-roles",
"product": "RSVPMaker Volunteer Roles",
"vendor": "davidfcarr",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:32:50.170Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.\u003cp\u003eThis issue affects RSVPMaker Volunteer Roles: from n/a through \u003c= 1.5.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue affects RSVPMaker Volunteer Roles: from n/a through \u003c= 1.5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:42:22.206Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/rsvpmaker-volunteer-roles/vulnerability/wordpress-rsvpmaker-volunteer-roles-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress RSVPMaker Volunteer Roles plugin \u003c= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-23531",
"datePublished": "2025-01-27T14:22:13.384Z",
"dateReserved": "2025-01-16T11:25:49.096Z",
"dateUpdated": "2026-04-01T15:42:22.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50531 (GCVE-0-2024-50531)
Vulnerability from cvelistv5 – Published: 2024-11-04 13:39 – Updated: 2026-04-01 15:37
VLAI?
Title
WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through <= 6.2.4.
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMaker for Toastmasters |
Affected:
0 , ≤ 6.2.4
(custom)
|
Date Public ?
2026-04-01 16:28
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:davidfcarr:rsvpmarker:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rsvpmarker",
"vendor": "davidfcarr",
"versions": [
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T16:36:17.356901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:37:24.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rsvpmaker-for-toastmasters",
"product": "RSVPMaker for Toastmasters",
"vendor": "davidfcarr",
"versions": [
{
"changes": [
{
"at": "6.2.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:28:55.461Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows Upload a Web Shell to a Web Server.\u003cp\u003eThis issue affects RSVPMaker for Toastmasters: from n/a through \u003c= 6.2.4.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through \u003c= 6.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "Upload a Web Shell to a Web Server"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:37:10.367Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/rsvpmaker-for-toastmasters/vulnerability/wordpress-rsvpmaker-for-toastmasters-plugin-6-2-4-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"title": "WordPress RSVPMaker for Toastmasters plugin \u003c= 6.2.4 - Arbitrary File Upload vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-50531",
"datePublished": "2024-11-04T13:39:36.077Z",
"dateReserved": "2024-10-24T07:27:40.366Z",
"dateUpdated": "2026-04-01T15:37:10.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1768 (GCVE-0-2022-1768)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:08 – Updated: 2026-04-08 17:19
VLAI?
Title
RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection
Summary
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2.
Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMaker |
Affected:
0 , ≤ 9.3.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d02646-271a-4079-8a47-00b4029e9c1f?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Xib3rR4dAr/441d6bb4a5b8ad4b25074a49210a02cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1768"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2725322%40rsvpmaker\u0026new=2725322%40rsvpmaker\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176549/WordPress-RSVPMaker-9.3.2-SQL-Injection.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:22:26.373189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:22:39.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RSVPMaker",
"vendor": "davidfcarr",
"versions": [
{
"lessThanOrEqual": "9.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Zeeshan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. \r\n\r\nPlease note that this is separate from CVE-2022-1453 \u0026 CVE-2022-1505."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:19:57.034Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d02646-271a-4079-8a47-00b4029e9c1f?source=cve"
},
{
"url": "https://gist.github.com/Xib3rR4dAr/441d6bb4a5b8ad4b25074a49210a02cc"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1768"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2725322%40rsvpmaker\u0026new=2725322%40rsvpmaker\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-17T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "RSVPMaker \u003c= 9.3.2 - Unauthenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1768",
"datePublished": "2022-06-13T13:08:27.000Z",
"dateReserved": "2022-05-17T00:00:00.000Z",
"dateUpdated": "2026-04-08T17:19:57.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1505 (GCVE-0-2022-1505)
Vulnerability from cvelistv5 – Published: 2022-05-10 19:35 – Updated: 2026-04-08 16:58
VLAI?
Title
RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection
Summary
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMaker |
Affected:
0 , ≤ 9.2.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6837b91d-b3ba-435a-965b-fa18d9b9b9c8?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2715095%40rsvpmaker\u0026new=2715095%40rsvpmaker\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1505"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:15:52.744764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:41:54.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RSVPMaker",
"vendor": "davidfcarr",
"versions": [
{
"lessThanOrEqual": "9.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Kay Dal\u00e5 (oxnan)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:58:25.101Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6837b91d-b3ba-435a-965b-fa18d9b9b9c8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2715095%40rsvpmaker\u0026new=2715095%40rsvpmaker\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1505"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-27T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "RSVPMaker \u003c= 9.2.6 - Unauthenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1505",
"datePublished": "2022-05-10T19:35:59.000Z",
"dateReserved": "2022-04-27T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:58:25.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1453 (GCVE-0-2022-1453)
Vulnerability from cvelistv5 – Published: 2022-05-10 19:29 – Updated: 2026-04-08 16:56
VLAI?
Title
RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection
Summary
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| davidfcarr | RSVPMaker |
Affected:
0 , ≤ 9.2.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167d"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1453"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2714389%40rsvpmaker\u0026new=2714389%40rsvpmaker\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:15:54.280794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:42:18.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RSVPMaker",
"vendor": "davidfcarr",
"versions": [
{
"lessThanOrEqual": "9.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Kay Dal\u00e5 (oxnan)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:56:32.383Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17?source=cve"
},
{
"url": "https://github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167d"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1453"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2714389%40rsvpmaker\u0026new=2714389%40rsvpmaker\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-24T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2022-04-26T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "RSVPMaker \u003c= 9.2.5 - Unauthenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1453",
"datePublished": "2022-05-10T19:29:20.000Z",
"dateReserved": "2022-04-24T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:56:32.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}