Wpchill ≫ Rsvp And Event Management

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

5.3

CVE-2024-12711

EPSS 0.11%
Published 07.01.2025 12:15:24
Last modified 07.01.2025 12:15:24

The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13....

5.3

CVE-2022-1054

Exploit

EPSS 6.1%
Published 18.04.2022 18:15:08
Last modified 21.11.2024 06:39:56

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retr...