Medium severity5.3NVD Advisory· Published Nov 5, 2025· Updated Apr 15, 2026

CVE-2025-12192

Description

The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain the full system report whenever "Yes, automatically share my system information with The Events Calendar support team" setting is enabled.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3386042/the-events-calendarnvd
www.wordfence.com/threat-intel/vulnerabilities/id/e5f3feb7-547e-4c01-8453-a1fc207ee009nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000