Stellarwp The_events_calendar
9 CVEs affecting Stellarwp The_events_calendar. Latest disclosed: 2025-06-11. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-8275 | Critical | 9.8 | 2024-09-25 | The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up… |
| CVE-2024-4180 | Critical | 9.1 | 2024-06-04 | The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX. |
| CVE-2023-6203 | High | 7.5 | 2023-12-18 | The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request |
| CVE-2024-6931 | High | 7.2 | 2024-09-27 | The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due t… |
| CVE-2025-5144 | Medium | 6.4 | 2025-06-11 | The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including… |
| CVE-2019-15109 | Medium | 6.1 | 2019-08-21 | The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. |
| CVE-2024-5333 | Medium | 5.3 | 2024-12-16 | The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about pa… |
| CVE-2023-6557 | Medium | 5.3 | 2024-02-05 | The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route functi… |
| CVE-2024-8493 | Medium | 4.8 | 2025-05-15 | The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to pe… |