The Events Calendar plugin for WordPress is vulnerable to a security risk in all versions up to and including 6.2.8. This risk allows people who are not authenticated users to access sensitive information, including content from private posts, using a function called “get_data”. This is done through the WordPress REST API.