.. / CVE-2022-1054

Exploit for WordPress RSVP and Event Management <2.7.8 - Missing Authorization (CVE-2022-1054)

Description:

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as first name, last name, and email address of users registered for events,

Nuclei Template

View the template here CVE-2022-1054.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-1054.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-1054
https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates

.. / CVE-2022-1054 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress RSVP and Event Management <2.7.8 - Missing Authorization (CVE-2022-1054)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-1054