CVE-2023-29095: 
WordPress vulnerability analysis and mitigation

Auth. (admin+) SQL Injection (SQLi) vulnerability was discovered in David F. Carr RSVPMaker WordPress plugin affecting versions below 10.5.5. The vulnerability was reported on April 2, 2023, and publicly disclosed on July 5, 2023. This security issue affects the RSVPMaker WordPress plugin installations that haven't been updated to version 10.5.5 or later (Patchstack).

The vulnerability is classified as SQL Injection (CWE-89) with a CVSS v3.1 base score of 7.2 (HIGH) according to NVD, and 7.6 (HIGH) according to Patchstack. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability is network accessible, requires high privileges, but no user interaction (NVD).

The SQL Injection vulnerability could allow a malicious actor with administrative privileges to directly interact with the database, potentially leading to unauthorized data access, modification, or theft of sensitive information (Patchstack).

The vulnerability has been fixed in RSVPMaker version 10.5.5. Users are advised to update to version 10.5.5 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).