CVE-2022-1054

MEDIUM NUCLEI

Wpchill Rsvp And Event Management < 2.7.8 - Missing Authorization

Title source: rule

Description

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events

Nuclei Templates (1)

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

MEDIUMby Akincibor

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d

Scores

CVSS v3 5.3

EPSS 0.1169

EPSS Percentile 93.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-862

Status published

Products (1)

wpchill/rsvp_and_event_management < 2.7.8

Published Apr 18, 2022

Tracked Since Feb 18, 2026