PT-2025-37866 · Stellarwp+1 · The Events Calendar
Miguel Santareno
·
Published
2025-09-16
·
Updated
2025-12-20
·
CVE-2025-9808
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The Events Calendar plugin for WordPress versions prior to 6.15.3
Description
The Events Calendar plugin for WordPress is susceptible to information disclosure through the REST endpoint. This allows unauthenticated attackers to extract information about password-protected vendors or venues. The affected API endpoint is not specified. The vulnerable data includes information related to
vendors and venues.Recommendations
Update The Events Calendar plugin to version 6.15.3 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Events Calendar