CVE-2022-1054

nvd nist nuclei

Published: Apr 18, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events

Affected (1)

Products: Wpchill: Rsvp And Event Management

1 product

Rsvp And Event Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpchill Rsvp And Event Management	Before 2.7.8

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.