cleantalk
Vulnerabilities and Security Researches

The Events Calendar, CVE-2025-9808

CVE, Research URL

CVE-2025-9808

Home page URL

Security reports for The Events Calendar

Application

The Events Calendar

Published on
Sep 16, 2025
Research Description
The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues.
Affected versions
max 6.15.3.
Status
vulnerable
Previous vulnerability researches
Booking Calendar – Clockwork SMS (CVE-2017-17780) , Jun 07, 2024
Booking Calendar – Clockwork SMS (CVE-2017-18555) , Jun 07, 2024
New vulnerability
Widgets for Google Reviews (CVE-2025-9436) , Apr 24, 2026
WP Mailgun SMTP (CVE-2025-59003) , Apr 24, 2026
TP Woocommerce Product Gallery (CVE-2025-5092) , Apr 24, 2026
Gallery with thumbnail slider (CVE-2025-5092) , Apr 24, 2026
Featured Post Creative (CVE-2026-6443) , Apr 24, 2026