CVE-2026-10029
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.3.13.1. This allows unauthenticated attackers to extract sensitive data such as virtual meeting URLs and location data.
Risk Assessment
The exposure of sensitive information may lead to privacy violations and allow attackers access to protected data, potentially resulting in serious consequences for the organization.
Recommendation
It is recommended to update the plugin to the latest version to mitigate this vulnerability and review the security of sensitive data stored in the system.
Original NVD description (English source)
The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the get_events. This makes it possible for unauthenticated attackers to extract sensitive data including virtual meeting URLs, physical location data, latitude/longitude coordinates, Google Maps links, and RSVP configuration belonging to draft, pending, and private events that are otherwise inaccessible via public URLs.

