CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6557 – The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2023-6557
12 Jan 2024 — The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. El complemento The Events Calendar para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 6.2.8.2 i... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010104%40the-events-calendar%2Ftags%2F6.2.9&old=3010096%40the-events-calendar%2Ftags%2F6.2.9 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6203 – The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
https://notcve.org/view.php?id=CVE-2023-6203
20 Nov 2023 — The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request El complemento Events Calendar de WordPress anterior a 6.2.8.1 revela el contenido de publicaciones protegidas con contraseña a usuarios no autenticados a través de una solicitud manipulada The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.2.8 via the get_data function. This makes ... • https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15109 – The Events Calendar <= 4.8.1 - Cross-Site Scripting via tribe_paged Parameter
https://notcve.org/view.php?id=CVE-2019-15109
04 Mar 2019 — The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. El plugin the-events-calendar versiones anteriores a 4.8.2 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del parámetro de URL tribe_paged. The Events Calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. • https://wordpress.org/plugins/the-events-calendar/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •