CVE-2022-1054
RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export
- Public Exploits: 1
- Exploited in Wild: -
- Decision: -
Descriptions
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as the first name, last name and email address of users registered for events.
SSVC
- Decision: -
Timeline
- 2022-03-22 CVE Reserved
- 2022-04-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d | 2024-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wpchill | Rsvp And Event Management | < 2.7.8 | wordpress | Affected |