The Events Calendar Security Vulnerabilities and Issues — The Events Calendar CVE List

Lucene search

TriThe Events Calendar

5 matches found

CVE•added 2024/12/16 6:15 a.m.•86 views

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.

5.3CVSS6.5AI score0.0003EPSS

CVE•added 2024/06/14 6:15 a.m.•60 views

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)

6.5CVSS6.7AI score0.00659EPSS

CVE•added 2023/12/18 8:15 p.m.•43 views

CVE-2023-6203

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request

7.5CVSS7.5AI score0.00766EPSS

CVE•added 2024/06/04 6:15 a.m.•30 views

CVE-2024-4180

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.

9.1CVSS7.1AI score0.00997EPSS

CVE•added 2025/05/15 8:15 p.m.•14 views

CVE-2024-8493

The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.7AI score0.00039EPSS