Description
The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the get_events. This makes it possible for unauthenticated attackers to extract sensitive data including virtual meeting URLs, physical location data, latitude/longitude coordinates, Google Maps links, and RSVP configuration belonging to draft, pending, and private events that are otherwise inaccessible via public URLs.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Sun, 21 Jun 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Eventkoi
Eventkoi event Koi Lite – Events Calendar, Event Management, Rsvp, And Tickets Wordpress Wordpress wordpress |
|
| Vendors & Products |
Eventkoi
Eventkoi event Koi Lite – Events Calendar, Event Management, Rsvp, And Tickets Wordpress Wordpress wordpress |
Thu, 18 Jun 2026 16:45:00 +0000
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-06-18T12:34:33.636Z
Reserved: 2026-05-28T18:30:45.769Z
Link: CVE-2026-10029
Updated: 2026-06-18T12:34:30.275Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-20T22:56:40Z
Weaknesses