CVE Catalog

CVE-2026-10029

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.3.13.1. This allows unauthenticated attackers to extract sensitive data such as virtual meeting URLs and location data.

Risk Assessment

The exposure of sensitive information may lead to privacy violations and allow attackers access to protected data, potentially resulting in serious consequences for the organization.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability and review the security of sensitive data stored in the system.

Original NVD description (English source)

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the get_events. This makes it possible for unauthenticated attackers to extract sensitive data including virtual meeting URLs, physical location data, latitude/longitude coordinates, Google Maps links, and RSVP configuration belonging to draft, pending, and private events that are otherwise inaccessible via public URLs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS