Skip to main content

Rsvp And Event Management

3 CVEs product

Monthly

CVE-2026-27398 MEDIUM This Month

Missing authorization in the WP Chill RSVP and Event Management WordPress plugin (versions through 2.7.16) enables unauthenticated remote attackers to perform unauthorized write operations by bypassing access control checks. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms fully remote, zero-complexity, unauthenticated exploitation is possible against default plugin installations. Impact is limited to partial integrity degradation (I:L) with no confidentiality or availability loss; no public exploit has been identified at time of analysis and EPSS is very low at 0.03% (8th percentile).

Authentication Bypass Rsvp And Event Management
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-39536 MEDIUM This Month

Information disclosure in WP Chill RSVP and Event Management plugin versions up to 2.7.16 exposes sensitive system data to unauthenticated remote attackers via unprotected endpoints. The vulnerability allows retrieval of embedded sensitive information without authentication or user interaction, affecting WordPress sites using the affected plugin versions. With EPSS scoring of 0.02% and no public exploit code identified, real-world exploitation risk is minimal despite the network-accessible attack vector.

Information Disclosure Rsvp And Event Management
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2022-1054 MEDIUM POC This Month

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Rsvp And Event Management
NVD WPScan
CVSS 3.1
5.3
EPSS
3.8%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in the WP Chill RSVP and Event Management WordPress plugin (versions through 2.7.16) enables unauthenticated remote attackers to perform unauthorized write operations by bypassing access control checks. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms fully remote, zero-complexity, unauthenticated exploitation is possible against default plugin installations. Impact is limited to partial integrity degradation (I:L) with no confidentiality or availability loss; no public exploit has been identified at time of analysis and EPSS is very low at 0.03% (8th percentile).

Authentication Bypass Rsvp And Event Management
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Information disclosure in WP Chill RSVP and Event Management plugin versions up to 2.7.16 exposes sensitive system data to unauthenticated remote attackers via unprotected endpoints. The vulnerability allows retrieval of embedded sensitive information without authentication or user interaction, affecting WordPress sites using the affected plugin versions. With EPSS scoring of 0.02% and no public exploit code identified, real-world exploitation risk is minimal despite the network-accessible attack vector.

Information Disclosure Rsvp And Event Management
NVD
EPSS 4% CVSS 5.3
MEDIUM POC This Month

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Rsvp And Event Management
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy