Filtered by vendor Tri
Subscriptions
Filtered by product The Events Calendar
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1295 | 1 Tri | 1 The Events Calendar | 2024-08-07 | 6.5 Medium |
| The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.) | ||||
| CVE-2019-15109 | 1 Tri | 1 The Events Calendar | 2024-08-05 | N/A |
| The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | ||||
| CVE-2023-6557 | 1 Tri | 1 The Events Calendar | 2024-08-02 | 5.3 Medium |
| The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. | ||||
| CVE-2023-6203 | 1 Tri | 1 The Events Calendar | 2024-08-02 | 7.5 High |
| The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request | ||||
Page 1 of 1.