CVE-2024-5333

MEDIUM NUCLEI

The Events Calendar <6.8.2.1 - Info Disclosure

Title source: llm

Description

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.

Nuclei Templates (1)

WordPress Events Calendar 6.8.2.1 - Information Disclosure

MEDIUMVERIFIEDby DhiyaneshDk

Shodan: html:"/wp-content/plugins/the-events-calendar/"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/764b5a23-8b51-4882-b899-beb54f684984/

Scores

CVSS v3 5.3

EPSS 0.0839

EPSS Percentile 92.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (1)

stellarwp/the_events_calendar < 6.8.2.1

Published Dec 16, 2024

Tracked Since Feb 18, 2026