Vulnerabilities > TRI > THE Events Calendar > 4.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6557 | Unspecified vulnerability in TRI the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. | 5.3 |
| 2023-12-18 | CVE-2023-6203 | Unspecified vulnerability in TRI the Events Calendar The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request | 7.5 |
| 2019-08-21 | CVE-2019-15109 | Cross-site Scripting vulnerability in TRI the Events Calendar The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | 4.3 |