Stellarwp The Events Calendar vulnerabilities

CVE-2024-31433 CWE-352 CVE-2024-31433: Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar.This issue affects The Events Calendar: from n/a through <= 6.3.0.

CVE-2023-6557 [MEDIUM] CWE-862 CVE-2023-6557: The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draf

CVE-2023-6203 [HIGH] CWE-287 CVE-2023-6203: The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected post The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request

CVE-2019-15109 [MEDIUM] CWE-79 CVE-2019-15109: The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.