CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12711 – RSVP and Event Management <= 2.7.13 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-12711
06 Jan 2025 — The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders. El complemento RSVP y Event Management para WordPress es vulnerable al acceso no autorizado debido a una verificac... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216473%40rsvp&new=3216473%40rsvp&sfp_email=&sfph_mail= • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1054 – RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export
https://notcve.org/view.php?id=CVE-2022-1054
11 Apr 2022 — The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events El plugin RSVP and Event Management Plugin de WordPress versiones anteriores a 2.7.8, no presenta ninguna comprobación de autorización cuando exporta sus entradas, y presenta ... • https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d • CWE-862: Missing Authorization •