The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected