Events Manager

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'get_location' action due to insufficient restrictions on which locations can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft event locations that they should not have access to.

Basic Information

ID CVE-2025-12408

Source Wordfence

Published Dec 12, 2025 at 11:15

Affected Product

Vendor netweblogic

Product Events Manager – Calendar, Bookings, Tickets, and more!

Version *

Affected Versions netweblogic Events Manager – Calendar, Bookings, Tickets, and more! *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'get_location' action due to insufficient restrictions on which locations can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft event locations that they should not have access to.",
    "published": "2025-12-12T11:15:50.794Z",
    "modified": "2025-12-12T11:15:50.794Z",
    "type": "cve",
    "title": "Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8470b7be-6fae-4941-b523-93e230366522?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3392395/events-manager/trunk/em-actions.php",
    "id": "CVE-2025-12408",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "netweblogic Events Manager \u2013 Calendar, Bookings, Tickets, and more! *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!",
    "version": "*",
    "vendor": "netweblogic",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure_CVE-2025-12408