Update CVE-2022-1054.yaml
parent
b0f264c0b8
commit
cc0a6213ca
|
@ -4,7 +4,8 @@ info:
|
|||
name: RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of users registered for events.
|
||||
description: |
|
||||
The plugin does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of users registered for events.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d
|
||||
tags: wp,wp-plugin,wordpress,cve,cve2022
|
||||
|
@ -20,6 +21,8 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- 'RSVP Status'
|
||||
- '"First Name"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
Loading…
Reference in New Issue