Primary

Context

Events Manager WordPress Plugin Information Exposure Vulnerability

Vulnerability

A vulnerability allowing information exposure exists in the Events Manager WordPress plugin, in all versions up to and including 7.2.2.2. The issue arises from insufficient restrictions on the 'get_location' action, allowing unauthenticated attackers to access data from password-protected, private, or draft event locations that should be off-limits.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information from restricted event locations.

Remediation

Users are advised to update the Events Manager plugin to version 7.2.2.3 or a newer patched version.

Added: Dec 12, 2025, 12:24 PM

Updated: Dec 12, 2025, 3:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Events Manager WordPress Plugin Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating