daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-1054.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-06 17:30:22 -04:00
parent db2041816e
commit 3a25625a6d
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2022/CVE-2022-1054.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2022-1054
info:
name: RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export
name: WordPress RSVP and Event Management <2.7.8 - Missing Authorization
author: Akincibor
severity: medium
description: The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events
description: WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as first name, last name and email address of users registered for events,
reference:
- https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d
classification:
@ -31,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/04/06