CVE-2026-39536 PUBLISHED

WordPress RSVP and Event Management plugin <= 2.7.16 - Sensitive Data Exposure vulnerability

Assigner: Patchstack
Reserved: 07.04.2026 Published: 08.04.2026 Updated: 08.04.2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.

Product Status

Vendor	WP Chill
Product	RSVP and Event Management
Versions	Default: unaffected affected from 0 to 2.7.16 (incl.)

Credits

Muhammad Sharief | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/rsvp/vulnerability/wordpress-rsvp-and-event-management-plugin-2-7-16-sensitive-data-exposure-vulnerability?_s_id=cve

Problem Types

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE

Impacts

Retrieve Embedded Sensitive Data