Medium 5.3
2025-09-16< 6.15.3
The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure
The Events Calendar
Minimum safe version
6.15.17.1
Update to 6.15.17.1 or later to address 43 fixable vulnerabilities
Latest available6.15.20 ✓
High 7.5
2025-09-12< 6.15.1.1
The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection
N/A
2026-02-25< 6.15.16.1
The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API
N/A
2026-03-09< 6.15.17.1
The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import
Medium 5.4
2026-01-20< 6.15.13.1
CVE-2025-15043
Medium 5.4
2026-01-09< 6.15.13
The Events Calendar <= 6.15.12.2 - Missing Authorization
High 7.5
2025-11-05< 6.15.10
CVE-2025-12197
Medium 5.3
2025-11-05< 6.15.10
CVE-2025-12192
Medium 4.3
2025-10-31< 6.15.10
CVE-2025-12175
Medium 6.4
2025-06-11< 6.13.2.1
The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
N/A
2025-05-19< 6.12.0
CVE-2025-48246
Medium 5.4
2025-01-27< 6.7.1
CVE-2025-24537
Medium 6.4
2025-01-23< 6.9.1
CVE-2024-12118
Medium 5.3
2024-12-16< 6.8.2.1
CVE-2024-5333
Medium 6.3
2024-10-16< 5.14.0.4
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 4.8
2025-05-15< 6.6.4
The Events Calendar <= 6.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Critical 9.8
2024-09-25< 6.6.4.1
CVE-2024-8275
Medium 6.1
2024-09-27< 6.6.4
CVE-2024-6931
Medium 4.3
2025-01-02< 6.5.1.5
CVE-2024-37518
Medium 6.5
2024-06-14< 6.4.0.1
CVE-2024-1295
Critical 9.1
2024-06-04< 6.4.0.1
CVE-2024-4180
Medium 4.3
2024-04-15< 6.3.1
CVE-2024-31433
Medium 5.3
2024-02-05< 6.2.9
CVE-2023-6557
High 7.5
2023-12-18< 6.2.8.1
CVE-2023-6203
N/A
2023-11-22< 6.2.8.1
WordPress The Events Calendar Plugin < 6.2.8.1 is vulnerable to Sensitive Data Exposure
N/A
2023-11-20< 6.2.8.1
The Events Calendar <= 6.2.8 - Information Disclosure
N/A
< 5.14.0
The Events Calendar < 5.14.0 - Reflected Cross-Site Scripting
N/A
< 3.0.1
The Events Calendar <= 3.0 - Reflected Cross-Site Scripting (XSS)
N/A
< 4.1.1.1
The Events Calendar <= 4.1.1 - Open Redirect
N/A
2023-02-28< 5.14.0.4
WordPress The Events Calendar Plugin < 5.14.0.4 is vulnerable to Sensitive Data Exposure
N/A
2023-02-28< 5.14.0.4
WordPress The Events Calendar Plugin < 5.14.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
N/A
2023-04-25< 4.1.1.1
WordPress The Events Calendar Plugin <= 4.1.1 is vulnerable to Open Redirection
N/A
2023-08-01< 3.0.1
WordPress The Events Calendar Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-07-19< 6.1.0
WordPress The Events Calendar Plugin <= 6.0.13.1 is vulnerable to Cross Site Scripting (XSS)
Medium 5.3
2024-12-13< 6.1.3
CVE-2023-35777
N/A
2016-04-25< 4.1.1.1
The Events Calendar < 4.1.1.1 - Open Redirect
N/A
2022-03-04< 5.14.0.4
Freemius SDK <= 2.4.2 - Missing Authorization Checks
N/A
< 5.14.0.4
Unauthorised AJAX Calls via Freemius
N/A
2014-08-01< 3.0.1
WordPress The Events Calendar Plugin <= 3.0 - Reflected Cross Site Scripting
N/A
2016-04-25< 4.1.1.1
WordPress The Events Calendar Plugin <= 4.1.1 - Open Redirection
N/A
2022-02-28< 5.14.0.4
WordPress The Events Calendar plugin < 5.14.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
N/A
2022-02-28< 5.14.0.4
WordPress The Events Calendar plugin < 5.14.0.4 - Sensitive Information Disclosure vulnerability
Medium 6.1
2019-08-21< 4.8.2
CVE-2019-15109