CVE-2022-1054

CVE-2022-1054: RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export

Vendor Unknown
Product RSVP and Event Management Plugin
Weakness CWE-862 · Missing authorization
Published April 18, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events

Key dates

02Disclosure timeline

April 18, 2022 CVE published
August 2, 2024 Record updated