Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for The Events Calendar by Unknown

    CVE-2024-8493 (GCVE-0-2024-8493)

    Vulnerability from nvd – Published: 2025-05-15 20:07 – Updated: 2025-05-17 03:11
    VLAI
    Title
    The Events Calendar < 6.6.4 - Admin+ Stored XSS
    Summary
    The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/561b3185-501a-4a… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.6.4 (semver)
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8493",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-17T03:11:26.045060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-17T03:11:43.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.6.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-15T20:07:16.029Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/561b3185-501a-4a75-b880-226b159c0431/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.6.4 - Admin+ Stored XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-8493",
        "datePublished": "2025-05-15T20:07:16.029Z",
        "dateReserved": "2024-09-05T18:08:12.326Z",
        "dateUpdated": "2025-05-17T03:11:43.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5333 (GCVE-0-2024-5333)

    Vulnerability from nvd – Published: 2024-12-16 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure
    Summary
    The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/764b5a23-8b51-48… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.8.2.1 (semver)
    Create a notification for this product.
    Credits
    Felipe Caon WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5333",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T16:47:52.421756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T16:47:55.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Felipe Caon"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:55.339Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/764b5a23-8b51-4882-b899-beb54f684984/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.8.2.1 - Unauthenticated Password Protected Event Disclosure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-5333",
        "datePublished": "2024-12-16T06:00:05.897Z",
        "dateReserved": "2024-05-24T18:27:38.074Z",
        "dateUpdated": "2025-08-27T12:00:55.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1295 (GCVE-0-2024-1295)

    Vulnerability from nvd – Published: 2024-06-14 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
    Summary
    The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/3cffbeb0-545a-40… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown events-calendar-pro Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    Unknown The Events Calendar Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    theeventscalendar the_events_calendar Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*
    Create a notification for this product.
    theeventscalendar events_calendar_pro Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Scott Kingsley Clark WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "the_events_calendar",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "events_calendar_pro",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1295",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T16:55:05.896656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T17:02:16.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "events-calendar-pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Scott Kingsley Clark"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn\u0027t have access to. (e.g. password-protected events, drafts, etc.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:24.293Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar (Free \u003c 6.4.0.1, Pro \u003c 6.4.0.1) - Contributor+ Arbitrary Events Access",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1295",
        "datePublished": "2024-06-14T06:00:02.149Z",
        "dateReserved": "2024-02-06T21:24:31.763Z",
        "dateUpdated": "2025-08-27T12:00:24.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4180 (GCVE-0-2024-4180)

    Vulnerability from nvd – Published: 2024-06-04 06:00 – Updated: 2025-03-18 18:41
    VLAI
    Title
    The Events Calendar < 6.4.0.1 - Reflected XSS
    Summary
    The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/b2a92316-e404-4a… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    Credits
    Marc Montpas WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4180",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T14:32:46.121435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T18:41:26.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marc Montpas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-04T06:00:02.616Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.4.0.1 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-4180",
        "datePublished": "2024-06-04T06:00:02.616Z",
        "dateReserved": "2024-04-25T13:15:44.143Z",
        "dateUpdated": "2025-03-18T18:41:26.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6203 (GCVE-0-2023-6203)

    Vulnerability from nvd – Published: 2023-12-18 20:07 – Updated: 2024-08-02 08:21
    VLAI
    Title
    The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
    Summary
    The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/229273e6-e849-44… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.2.8.1 (semver)
    Create a notification for this product.
    Credits
    Krzysztof Zając (CERT PL) WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.2.8.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c (CERT PL)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T20:07:53.415Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-6203",
        "datePublished": "2023-12-18T20:07:53.415Z",
        "dateReserved": "2023-11-20T13:33:17.684Z",
        "dateUpdated": "2024-08-02T08:21:17.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8493 (GCVE-0-2024-8493)

    Vulnerability from cvelistv5 – Published: 2025-05-15 20:07 – Updated: 2025-05-17 03:11
    VLAI
    Title
    The Events Calendar < 6.6.4 - Admin+ Stored XSS
    Summary
    The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/561b3185-501a-4a… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.6.4 (semver)
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8493",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-17T03:11:26.045060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-17T03:11:43.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.6.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-15T20:07:16.029Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/561b3185-501a-4a75-b880-226b159c0431/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.6.4 - Admin+ Stored XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-8493",
        "datePublished": "2025-05-15T20:07:16.029Z",
        "dateReserved": "2024-09-05T18:08:12.326Z",
        "dateUpdated": "2025-05-17T03:11:43.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5333 (GCVE-0-2024-5333)

    Vulnerability from cvelistv5 – Published: 2024-12-16 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure
    Summary
    The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/764b5a23-8b51-48… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.8.2.1 (semver)
    Create a notification for this product.
    Credits
    Felipe Caon WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5333",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T16:47:52.421756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T16:47:55.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Felipe Caon"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:55.339Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/764b5a23-8b51-4882-b899-beb54f684984/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.8.2.1 - Unauthenticated Password Protected Event Disclosure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-5333",
        "datePublished": "2024-12-16T06:00:05.897Z",
        "dateReserved": "2024-05-24T18:27:38.074Z",
        "dateUpdated": "2025-08-27T12:00:55.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1295 (GCVE-0-2024-1295)

    Vulnerability from cvelistv5 – Published: 2024-06-14 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
    Summary
    The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/3cffbeb0-545a-40… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown events-calendar-pro Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    Unknown The Events Calendar Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    theeventscalendar the_events_calendar Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*
    Create a notification for this product.
    theeventscalendar events_calendar_pro Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Scott Kingsley Clark WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "the_events_calendar",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "events_calendar_pro",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1295",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T16:55:05.896656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T17:02:16.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "events-calendar-pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Scott Kingsley Clark"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn\u0027t have access to. (e.g. password-protected events, drafts, etc.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:24.293Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar (Free \u003c 6.4.0.1, Pro \u003c 6.4.0.1) - Contributor+ Arbitrary Events Access",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1295",
        "datePublished": "2024-06-14T06:00:02.149Z",
        "dateReserved": "2024-02-06T21:24:31.763Z",
        "dateUpdated": "2025-08-27T12:00:24.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4180 (GCVE-0-2024-4180)

    Vulnerability from cvelistv5 – Published: 2024-06-04 06:00 – Updated: 2025-03-18 18:41
    VLAI
    Title
    The Events Calendar < 6.4.0.1 - Reflected XSS
    Summary
    The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/b2a92316-e404-4a… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    Credits
    Marc Montpas WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4180",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T14:32:46.121435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T18:41:26.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marc Montpas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-04T06:00:02.616Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.4.0.1 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-4180",
        "datePublished": "2024-06-04T06:00:02.616Z",
        "dateReserved": "2024-04-25T13:15:44.143Z",
        "dateUpdated": "2025-03-18T18:41:26.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6203 (GCVE-0-2023-6203)

    Vulnerability from cvelistv5 – Published: 2023-12-18 20:07 – Updated: 2024-08-02 08:21
    VLAI
    Title
    The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
    Summary
    The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/229273e6-e849-44… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown The Events Calendar Affected: 0 , < 6.2.8.1 (semver)
    Create a notification for this product.
    Credits
    Krzysztof Zając (CERT PL) WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.2.8.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c (CERT PL)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T20:07:53.415Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar \u003c 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-6203",
        "datePublished": "2023-12-18T20:07:53.415Z",
        "dateReserved": "2023-11-20T13:33:17.684Z",
        "dateUpdated": "2024-08-02T08:21:17.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }