Stellarwp The_events_calendar

9 CVEs affecting Stellarwp The_events_calendar. Latest disclosed: 2025-06-11. Critical: 2, High: 2.

Top CVEs affecting Stellarwp The_events_calendar
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-8275 | Critical | 9.8 | 2024-09-25 | The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up… |
| CVE-2024-4180 | Critical | 9.1 | 2024-06-04 | The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX. |
| CVE-2023-6203 | High | 7.5 | 2023-12-18 | The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request |
| CVE-2024-6931 | High | 7.2 | 2024-09-27 | The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due t… |
| CVE-2025-5144 | Medium | 6.4 | 2025-06-11 | The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including… |
| CVE-2019-15109 | Medium | 6.1 | 2019-08-21 | The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. |
| CVE-2024-5333 | Medium | 5.3 | 2024-12-16 | The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about pa… |
| CVE-2023-6557 | Medium | 5.3 | 2024-02-05 | The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route functi… |
| CVE-2024-8493 | Medium | 4.8 | 2025-05-15 | The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to pe… |