CVE-2025-24683

{"id": "CVE-2025-24683", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-24683", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-24T17:56:12.657245Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.3}]}, "affected": [{"source": "audit@patchstack.com", "affectedData": [{"vendor": "WP Chill", "product": "RSVP and Event Management", "versions": [{"status": "affected", "changes": [{"at": "2.7.15", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.7.14"}], "packageName": "rsvp", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}]}], "published": "2025-01-24T18:15:42.133", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/rsvp/vulnerability/wordpress-rsvp-and-event-management-plugin-2-7-14-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill RSVP and Event Management rsvp allows SQL Injection.This issue affects RSVP and Event Management: from n/a through <= 2.7.14."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en WPChill RSVP and Event Management Plugin que permite la inyecci\u00f3n SQL. Este problema afecta al complemento RSVP y administraci\u00f3n de eventos: desde n/a hasta 2.7.14."}], "lastModified": "2026-06-17T08:59:26.060", "sourceIdentifier": "audit@patchstack.com"}