CVE-2025-12408

Name of the Vulnerable Software and Affected Versions The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions through 7.2.2.2

Description The Events Manager plugin for WordPress is susceptible to information disclosure. Insufficient restrictions on location inclusion within the get location action allow unauthenticated attackers to access data from event locations that should be protected, including those that are password-protected, private, or in draft status.

Recommendations Update to a version later than 7.2.2.2.