WP-Safety

RSVPMaker for Toastmasters Security & Risk Analysis

wordpress.org/plugins/rsvpmaker-for-toastmasters

This Toastmasters-specific extension to the RSVPMaker events plugin adds role signups and member performance tracking.

10 active installs v6.6.5 PHP 5.6+ WP 5.0+ Updated Mar 14, 2026
toastmasters
97
A · Safe
CVEs total1
Unpatched0
Last CVEOct 30, 2024
Plugin page Download
Safety Verdict

Is RSVPMaker for Toastmasters Safe to Use in 2026?

Generally Safe

Score 97/100

RSVPMaker for Toastmasters has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 30, 2024Updated 20d ago
Risk Assessment

The rsvpmaker-for-toastmasters plugin presents a mixed security posture. While it demonstrates some good practices, such as a high percentage of prepared SQL statements and a substantial number of nonce and capability checks, significant concerns remain. The presence of a critical historical CVE for unrestricted file uploads with dangerous types, even if currently patched, suggests a past tendency towards vulnerabilities that could be exploited again. The static analysis reveals a notable attack surface with 5 out of 24 entry points lacking authentication checks, including AJAX handlers. Furthermore, 10 high-severity taint flows were identified, indicating potential pathways for malicious data to be processed without adequate sanitization. The use of `unserialize` is also a red flag, as it can lead to object injection vulnerabilities if not handled with extreme care, especially when dealing with user-supplied data.

Key Concerns

  • Unauthenticated AJAX handlers present
  • High severity taint flows found
  • Use of unserialize function
  • Historical critical CVE
  • Flows with unsanitized paths
Vulnerabilities
1

RSVPMaker for Toastmasters Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1

1 total CVE

CVE-2024-50531critical · 9.8Unrestricted Upload of File with Dangerous Type

RSVPMaker for Toastmasters <= 6.2.4 - Unauthenticated Arbitrary File Upload

Oct 30, 2024 Patched in 6.2.5 (8d)
Code Analysis
Analyzed Mar 17, 2026

RSVPMaker for Toastmasters Code Analysis

Dangerous Functions
9
Raw SQL Queries
38
179 prepared
Unescaped Output
432
700 escaped
Nonce Checks
78
Capability Checks
107
File Operations
34
External Requests
3
Bundled Libraries
1

Dangerous Functions Found

unserialize$ballot = unserialize($row->meta_value);api-test.php:1062
unserialize$ballot = unserialize($row->meta_value);api.php:1079
unserialize$value = unserialize( $meta_value );tm-reports.php:3575
unserialize$value = unserialize( $meta_value );tm-reports.php:3784
unserialize$prompts = (object) unserialize( $serialized );tm-reports.php:4402
unserialize$metadata = unserialize( $transaction['metadata'] );tm-reports.php:6503
unserialize$ballot = unserialize($row->meta_value);tm-reports.php:7136
unserialize$ballot = unserialize($row->meta_value);tm-reports.php:7337
unserialize$userdata = (array) unserialize( $row->data );toastmasters-privacy.php:29

Bundled Libraries

Select2

SQL Query Safety

82% prepared217 total queries

Output Escaping

62% escaped1132 total outputs
Data Flows
32 unsanitized

Data Flow Analysis

25 flows32 with unsanitized paths
<api-test> (api-test.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

RSVPMaker for Toastmasters Attack Surface

Entry Points24
Unprotected5

AJAX Handlers 10

authwp_ajax_wptoast_role_planner_updateactions.php:18
authwp_ajax_add_speechtm-reports.php:156
authwp_ajax_remove_meta_speechtm-reports.php:165
authwp_ajax_increment_stattm-reports.php:1797
authwp_ajax_tm_edit_detailtm-reports.php:3941
authwp_ajax_delete_tm_detailtm-reports.php:3972
authwp_ajax_editor_assigntm-reports.php:4001
authwp_ajax_absences_removetm-reports.php:4019
authwp_ajax_editor_absencestm-reports.php:4037
authwp_ajax_edit_member_statstm-reports.php:4734

Shortcodes 14

[wpt_contests_prompt] contest.php:124
[toast_ballot_standalone] contest.php:1942
[title_abbrev_tester] email-forwarders-and-groups.php:1146
[consolidated_forwarders_test] email-forwarders-and-groups.php:1645
[fth_importer_docs] fth-importer.php:205
[toastmost_mobile_qr_shortcode] mobile.php:2
[toastmost_qr_deeplink] mobile.php:41
[club_fee_schedule] tm-online-application.php:160
[wp4t_dues_renewal] tm-online-application.php:992
[latest_manual_test] tm-reports.php:495
[evaluation_link] tm-reports.php:4201
[wp4t_evaluations_demo2021] tm-reports.php:4323
[wp4t_todolist] todo-list.php:2
[time_planner_2020] utility.php:1947
WordPress Hooks 131
actioninitactions.php:2
actiontoastmasters_agenda_notificationactions.php:14
actiontoastmasters_agenda_notificationactions.php:15
actionwp4toast_reminders_introsactions.php:16
actioninitactions.php:17
actionwp4t_reminders_nudgeactions.php:19
actionrefresh_tm_historyactions.php:20
actionadmin_initactions.php:21
filterdefault_titleactions.php:22
filterdefault_contentactions.php:23
actionwp4t_add_history_to_tableactions.php:24
actionwpt_update_speech_history_by_idactions.php:25
actionwpt_remove_history_by_idactions.php:26
actionwpt_update_history_by_idactions.php:27
actionwidgets_initactions.php:54
actionwp_enqueue_scriptsactions.php:55
actionpre_get_postsactions.php:56
actionadmin_menuactions.php:57
actionadmin_bar_menuactions.php:58
actionadmin_bar_menuactions.php:59
actionadmin_initactions.php:60
actionadmin_initactions.php:62
actionadmin_menuactions.php:63
actionadmin_initactions.php:64
actionadmin_initactions.php:65
actionadmin_initactions.php:66
actionadmin_noticesactions.php:67
actionwp_dashboard_setupactions.php:68
actionadmin_initactions.php:69
actionwpactions.php:70
actionshow_user_profileactions.php:71
actionedit_user_profileactions.php:72
actionpersonal_options_updateactions.php:73
actionedit_user_profile_updateactions.php:74
actionuser_new_formactions.php:75
actionrsvpmaker_datebox_messageactions.php:76
actionbp_profile_header_metaactions.php:77
actionadmin_headactions.php:78
actionadmin_initactions.php:79
filterblock_type_metadata_settingsagenda\toastmasters-dynamic-agenda.php:44
actionwp_enqueue_scriptsagenda\toastmasters-dynamic-agenda.php:57
actionadmin_enqueue_scriptsagenda\toastmasters-dynamic-agenda.php:58
filterlocaleapi-test.php:1608
actionrest_api_initapi-test.php:2964
filterlocaleapi.php:1628
actionrest_api_initapi.php:2991
actionwp4toast_reminders_cronemail-backup.php:5
actionrsvpmaker_email_send_ui_submitemail-backup.php:264
actionrsvpmaker_email_send_ui_optionsemail-backup.php:267
filterrsvpmailer_ruleemail-backup.php:280
actionadmin_noticesemail-backup.php:739
actionlogin_footeremail-backup.php:781
filterrender_blockemail-backup.php:826
actionrsvpmaker_autoreplyemail-forwarders-and-groups.php:2
actionadmin_menuemail-forwarders-and-groups.php:3
actionwpt_wizard_postemail-forwarders-and-groups.php:554
actionwpt_wizard_screen_2email-forwarders-and-groups.php:576
actionwpt_wizard_screen_3email-forwarders-and-groups.php:584
actiongroup_email_admin_noticeemail-forwarders-and-groups.php:607
filterrsvpmaker_consolidated_forwardersemail-forwarders-and-groups.php:772
filterrsvpmailer_mailemail-forwarders-and-groups.php:1368
filterrsvpmail_recipients_from_forwardersemail-forwarders-and-groups.php:1388
filterrsvpmail_slug_and_idemail-forwarders-and-groups.php:1477
actionrsvpmail_relay_slug_and_idemail-forwarders-and-groups.php:1491
filterrsvpmail_email_matchemail-forwarders-and-groups.php:1650
actionprofile_updateemail-forwarders-and-groups.php:1679
actionadd_user_to_blogemail-forwarders-and-groups.php:1680
filterrsvpmail_post_for_emailemail-forwarders-and-groups.php:1688
filterrsvpmailer_mailemail-forwarders-and-groups.php:1773
actionwp4toast_reminders_cronemail.php:5
actionwp4toast_tod_reminder_cronemail.php:13
actionrsvpmaker_email_send_ui_submitemail.php:329
actionrsvpmaker_email_send_ui_optionsemail.php:332
filterrsvpmailer_ruleemail.php:345
actionadmin_noticesemail.php:806
actionlogin_footeremail.php:848
filterrender_blockemail.php:893
filterrsvpmaker_tab_pagesenqueue.php:24
filterrsvpmaker_rest_arrayenqueue.php:137
filterjetpack_seo_meta_tagsfilters.php:2
filterexcerpt_morefilters.php:3
filteruser_contactmethodsfilters.php:4
filterthe_contentfilters.php:133
filterthe_contentfilters.php:252
filterthe_contentfilters.php:293
filterthe_contentfilters.php:316
filterlogin_messagefilters.php:342
filterthe_excerptfilters.php:352
filterget_the_excerptfilters.php:353
actionadmin_initfse-navigation-block.php:87
actionafter_setup_themefth-importer.php:210
filterimage_size_names_choosefth-importer.php:211
actionwp_enqueue_scriptsfth-importer.php:226
actionadmin_enqueue_scriptsfth-importer.php:227
actionadmin_initfth-importer.php:300
actionadmin_initfth-importer.php:666
actionadmin_initfth-importer.php:674
actionadmin_headmce_shortcode.php:23
actionadmin_enqueue_scriptsmce_shortcode.php:24
filtermce_external_pluginsmce_shortcode.php:40
filtermce_buttonsmce_shortcode.php:41
filtershow_admin_barmobile.php:46
actionwp_enqueue_scriptsrsvpmaker-for-toastmasters.php:21
actionadmin_initsetup-wizard.php:7
actionadmin_noticessetup-wizard.php:581
actionrsvpmaker_paypal_record_paymenttm-online-application.php:3
actionadmin_menutm-online-application.php:991
actionadmin_menutm-reports.php:2
actionadmin_menutm-reports.php:3
actionadmin_enqueue_scriptstm-reports.php:4
actionadmin_headtm-reports.php:5
actionadmin_enqueue_scriptstm-reports.php:44
actionupdate_user_role_archive_alltm-reports.php:481
actionadmin_bar_menutm-reports.php:1220
actionrsvpmaker_payments_setting_toptm-reports.php:6086
actionwp4t_ballot_status_emailtm-reports.php:7021
filterthe_contenttm-reports.php:7307
filterwp_privacy_personal_data_exporterstoastmasters-privacy.php:9
filterwp_privacy_personal_data_eraserstoastmasters-privacy.php:134
actionadmin_inittoastmasters-privacy.php:154
actionwp4t_todolist_crontodo-list.php:257
actionpost_updatedutility.php:629
filterrsvp_print_to_wordutility.php:941
actionadd_user_to_blogutility.php:1621
filterwp_nav_menuutility.php:1793
actionadmin_headutility.php:2083
actionwp_paypal_ipn_processedutility.php:2109
filteroption_rsvpmaker_email_custom_stylesutility.php:2484
actionpre_get_usersutility.php:2602
actionupdate_postmetautility.php:2814
actionadmin_initutility.php:3565

Scheduled Events 5

wp4t_ballot_status_email
wp4t_todolist_cron
refresh_tm_history
refresh_tm_history
wp4t_log_notify
Maintenance & Trust

RSVPMaker for Toastmasters Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 14, 2026
PHP min version5.6
Downloads41K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Alternatives

RSVPMaker for Toastmasters Alternatives

No alternatives data available yet.

Developer Profile

RSVPMaker for Toastmasters Developer Profile

davidfcarr

10 plugins · 490 total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
527 days
View full developer profile
Detection Fingerprints

How We Detect RSVPMaker for Toastmasters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rsvpmaker-for-toastmasters/agenda/build/frontend.js/wp-content/plugins/rsvpmaker-for-toastmasters/build/index.js/wp-content/plugins/rsvpmaker-for-toastmasters/build/style-index.css/wp-content/plugins/rsvpmaker-for-toastmasters/dist/toastmasters-dynamic-agenda.css/wp-content/plugins/rsvpmaker-for-toastmasters/dist/toastmasters-dynamic-agenda.js
Script Paths
/wp-content/plugins/rsvpmaker-for-toastmasters/agenda/build/frontend.js
Version Parameters
rsvpmaker-for-toastmasters/css/toastmasters.css?ver=rsvpmaker-for-toastmasters/css/toastmasters.min.css?ver=rsvpmaker-for-toastmasters/dist/toastmasters-dynamic-agenda.css?ver=rsvpmaker-for-toastmasters/dist/toastmasters-dynamic-agenda.js?ver=rsvpmaker-for-toastmasters/build/index.js?ver=rsvpmaker-for-toastmasters/build/style-index.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-wp4toastmasters-toastmasters-dynamic-agendatoastmasters-dynamic-agenda-view-scriptwp4toastmasters-toastmasters-dynamic-agenda-view-scriptwp4t-rsvplistwp4t-rolewp4t-agendanoterich2wp4t-signupnotewp4t-agendaedit+16 more
HTML Comments
<!-- excluded on specified sites --><!--end excluded actions--><!-- disable within WordPress Playground -->
Data Attributes
data-block="toastmasters-dynamic-agenda"data-roledata-agenda-role
JS Globals
wpt_restrsvpmaker_settingsrsvpmaker_defaultsToastmasters
REST Endpoints
/wp-json/wp4t/v2/getroles/wp-json/wp4t/v2/getmeetingroles/wp-json/wp4t/v2/getagendatemplates/wp-json/wp4t/v2/getagenda/wp-json/wp4t/v2/addmeeting/wp-json/wp4t/v2/deleteagendaitem/wp-json/wp4t/v2/saveagendaitem/wp-json/wp4t/v2/saveagenda/wp-json/wp4t/v2/updateagendatimes/wp-json/wp4t/v2/getagendalog/wp-json/wp4t/v2/savetemplate/wp-json/wp4t/v2/getroles/wp-json/wp4t/v2/getmeetingroles/wp-json/wp4t/v2/getagendatemplates/wp-json/wp4t/v2/getagenda/wp-json/wp4t/v2/addmeeting/wp-json/wp4t/v2/deleteagendaitem/wp-json/wp4t/v2/saveagendaitem/wp-json/wp4t/v2/saveagenda/wp-json/wp4t/v2/updateagendatimes/wp-json/wp4t/v2/getagendalog/wp-json/wp4t/v2/savetemplate
Shortcode Output
[toastmasters_dynamic_agenda][rsvplist][role][agendanoterich2]
FAQ

Frequently Asked Questions about RSVPMaker for Toastmasters