3 matches found
CVE-2025-12192
CVE-2025-12192 affects The Events Calendar WordPress plugin up to version 6.15.9. The issue stems from the sysinfo REST endpoint performing a loose comparison between the provided key and the stored opt-in key, allowing unauthenticated attackers to trigger the endpoint and retrieve the full syste...
CVE-2025-12192 The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure
The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain t...
CVE-2025-12192 The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure
The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain t...