CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6557 – The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2023-6557
12 Jan 2024 — The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. El complemento The Events Calendar para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 6.2.8.2 i... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010104%40the-events-calendar%2Ftags%2F6.2.9&old=3010096%40the-events-calendar%2Ftags%2F6.2.9 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6203 – The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
https://notcve.org/view.php?id=CVE-2023-6203
20 Nov 2023 — The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request El complemento Events Calendar de WordPress anterior a 6.2.8.1 revela el contenido de publicaciones protegidas con contraseña a usuarios no autenticados a través de una solicitud manipulada The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.2.8 via the get_data function. This makes ... • https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35777 – WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-35777
25 Jul 2023 — Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2. The The Events Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_ical_output_for_an_event() function in versions up to, and including, 6.1.2.2. This makes it possible for unauthenticated attackers to view arbitrary/private ev... • https://patchstack.com/database/wordpress/plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-1-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 425EXPL: 0CVE-2022-4974 – Freemius SDK <= 2.4.2 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2022-4974
04 Mar 2022 — The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15109 – The Events Calendar <= 4.8.1 - Cross-Site Scripting via tribe_paged Parameter
https://notcve.org/view.php?id=CVE-2019-15109
04 Mar 2019 — The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. El plugin the-events-calendar versiones anteriores a 4.8.2 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del parámetro de URL tribe_paged. The Events Calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. • https://wordpress.org/plugins/the-events-calendar/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •