Rsvp And Event Management
Monthly
Missing authorization in the WP Chill RSVP and Event Management WordPress plugin (versions through 2.7.16) enables unauthenticated remote attackers to perform unauthorized write operations by bypassing access control checks. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms fully remote, zero-complexity, unauthenticated exploitation is possible against default plugin installations. Impact is limited to partial integrity degradation (I:L) with no confidentiality or availability loss; no public exploit has been identified at time of analysis and EPSS is very low at 0.03% (8th percentile).
Information disclosure in WP Chill RSVP and Event Management plugin versions up to 2.7.16 exposes sensitive system data to unauthenticated remote attackers via unprotected endpoints. The vulnerability allows retrieval of embedded sensitive information without authentication or user interaction, affecting WordPress sites using the affected plugin versions. With EPSS scoring of 0.02% and no public exploit code identified, real-world exploitation risk is minimal despite the network-accessible attack vector.
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Missing authorization in the WP Chill RSVP and Event Management WordPress plugin (versions through 2.7.16) enables unauthenticated remote attackers to perform unauthorized write operations by bypassing access control checks. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms fully remote, zero-complexity, unauthenticated exploitation is possible against default plugin installations. Impact is limited to partial integrity degradation (I:L) with no confidentiality or availability loss; no public exploit has been identified at time of analysis and EPSS is very low at 0.03% (8th percentile).
Information disclosure in WP Chill RSVP and Event Management plugin versions up to 2.7.16 exposes sensitive system data to unauthenticated remote attackers via unprotected endpoints. The vulnerability allows retrieval of embedded sensitive information without authentication or user interaction, affecting WordPress sites using the affected plugin versions. With EPSS scoring of 0.02% and no public exploit code identified, real-world exploitation risk is minimal despite the network-accessible attack vector.
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.