The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues.
Metrics
Affected Vendors & Products
References
History
Wed, 17 Sep 2025 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Theeventscalendar
Theeventscalendar the Events Calendar Wordpress Wordpress wordpress |
|
Vendors & Products |
Theeventscalendar
Theeventscalendar the Events Calendar Wordpress Wordpress wordpress |
Tue, 16 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 16 Sep 2025 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues. | |
Title | The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-09-16T19:16:02.937Z
Reserved: 2025-09-01T15:49:44.923Z
Link: CVE-2025-9808

Updated: 2025-09-16T19:15:58.027Z

Status : Awaiting Analysis
Published: 2025-09-16T06:16:06.463
Modified: 2025-09-16T12:49:16.060
Link: CVE-2025-9808

No data.