CVE-2023-6557

MEDIUM

The Events Calendar <6.2.8.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts.

Scores

CVSS v3 5.3
EPSS 0.0056
EPSS Percentile 42.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
stellarwp/The Events Calendar < 6.2.8.2
stellarwp/the_events_calendar < 6.2.8.2
Published Feb 05, 2024
Tracked Since Feb 18, 2026