Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private browser and you will be able to see the password-protected or private event. 3. https://www.example.com/index.php/event/{{EVENT-ID}}/