CVE-2022-1054: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-1054 affects the WordPress plugin RSVP and Event Management versions prior to 2.7.8. The vulnerability was discovered and publicly disclosed on March 28, 2022, and was subsequently fixed in version 2.7.8. This security issue is classified as a broken access control vulnerability that allows unauthenticated access to sensitive information (WPScan).

The vulnerability stems from the lack of authorization checks when exporting entries, with the export function being hooked to the init action. The issue is classified as 'NO AUTHORISATION' under OWASP Top 10 category A5: Broken Access Control (CWE-862). The vulnerability has been assigned a CVSS score of 7.5 (High), indicating significant security implications (WPScan).

When exploited, this vulnerability allows unauthenticated attackers to retrieve personally identifiable information (PII) of users registered for events. The exposed data includes sensitive information such as first names, last names, email addresses, and other event-related details of registered users (WPScan).

The vulnerability has been patched in version 2.7.8 of the RSVP and Event Management plugin. Users are strongly advised to update to this version or later to protect against unauthorized access to sensitive information (WPScan).