Description
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as the first name, last name and email address of users registered for events.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.7.8 (excluding)
cpe:2.3:a:wpchill:rsvp_and_event_management:*:*:*:*:*:wordpress:*:*
EPSS: 0.12369 (percentile: 94%, Medium)
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 5.3
github
almost 4 years ago
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as the first name, last name and email address of users registered for events.