Unknown The Events Calendar vulnerabilities
5 known vulnerabilities affecting unknown/the_events_calendar.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2024-8493 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 6.6.4 | 2025-05-15
The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: cvelistv5, nvd
CVE-2024-5333 | MEDIUM | CVSS 5.3 | CWE-639 | PoC | fixed in 6.8.2.1 | 2024-12-16
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.
Sources: cvelistv5, nvd
CVE-2024-1295 | MEDIUM | CVSS 6.5 | CWE-639 | fixed in 6.4.0.1 | 2024-06-14
The events-calendar-pro WordPress plugin before 6.4.0.1 and The Events Calendar WordPress plugin before 6.4.0.1 do not prevent users with at least the contributor role from leaking details about events they shouldn't have access to (e.g. password-protected events, drafts, etc.).
Sources: cvelistv5, nvd
CVE-2024-4180 | CRITICAL | CVSS 9.1 | CWE-79 | PoC | fixed in 6.4.0.1 | 2024-06-04
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.
Sources: cvelistv5, nvd
CVE-2023-6203 | HIGH | CVSS 7.5 | CWE-287 | fixed in 6.2.8.1 | 2023-12-18
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request.
Sources: cvelistv5, nvd