CVE-2026-39536
Received Received - Intake
Information Exposure in WP Chill RSVP Plugin Allows Data Retrieval

Publication date: 2026-04-08

Last updated on: 2026-04-13

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39536
EUVD
EUVD-2026-20191
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wp_chill rsvp_and_event_management to 2.7.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39536 is a vulnerability in the WordPress RSVP and Event Management Plugin versions up to and including 2.7.16. It is classified as a Sensitive Data Exposure issue, allowing unauthenticated attackers to access sensitive information that is normally restricted to regular users.

This exposure of sensitive system information falls under the OWASP Top 10 category A3: Sensitive Data Exposure. The vulnerability was reported in early 2026 and patched in version 2.7.17 of the plugin.

Impact Analysis

This vulnerability can allow unauthorized attackers to retrieve sensitive data from the affected WordPress plugin, potentially leading to further exploitation of the system.

Although the severity is considered low (CVSS score 5.3), attackers could use this vulnerability in mass-exploit campaigns targeting many websites, regardless of their traffic or popularity.

Detection Guidance

This vulnerability affects WordPress RSVP and Event Management Plugin versions up to and including 2.7.16. Detection involves identifying if the vulnerable plugin version is installed on your WordPress site.

You can check the installed plugin version by accessing your WordPress admin dashboard or by using command line tools to inspect the plugin files.

  • Use WP-CLI command to list installed plugins and their versions: wp plugin list
  • Check the plugin version in the plugin's main PHP file, typically located at wp-content/plugins/rsvp-and-event-management/, by looking for the version header.

Additionally, monitoring HTTP requests for unauthorized access attempts to sensitive data endpoints related to the RSVP plugin may help detect exploitation attempts, but specific commands for this are not provided.

Mitigation Strategies

The primary mitigation step is to update the RSVP and Event Management plugin to version 2.7.17 or later, where the vulnerability has been patched.

If immediate updating is not possible, consider disabling the plugin temporarily to prevent exploitation.

Utilize security tools such as Patchstack that provide auto-updates and mitigation support for vulnerable plugins.

Regularly monitor your WordPress site for unusual activity and unauthorized access attempts.

Compliance Impact

The CVE-2026-39536 vulnerability involves exposure of sensitive system information to unauthorized parties, which falls under the OWASP Top 10 category A3: Sensitive Data Exposure.

Such exposure of sensitive data can potentially impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information from unauthorized access.

However, the provided information does not explicitly detail the direct effects on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39536. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart