A popular plugin for WordPress called The Events Calendar has a security issue that affects all versions up to 6.2.8.2. This issue involves a function called “route” that is connected to something called “wp_ajax_nopriv_tribe_dropdown.” This means that people who are not logged in can access private information such as post titles and IDs for posts that are not yet published.