CVE-2026-10029

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the get_events. This makes it possible for unauthenticated attackers to extract sensitive data including virtual meeting URLs, physical location data, latitude/longitude coordinates, Google Maps links, and RSVP configuration belonging to draft, pending, and private events that are otherwise inaccessible via public URLs.
Configurations

No configuration.

History

18 Jun 2026, 15:23

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-18 06:16

Updated : 2026-06-18 15:23


NVD link : CVE-2026-10029

Mitre link : CVE-2026-10029

CVE.ORG link : CVE-2026-10029


JSON object : View

Products Affected

No product.

CWE
CWE-862

Missing Authorization