The Events Shortcodes & Templates For The Events Calendar plugin for WordPress has a security issue that could give attackers access to sensitive information from the database. The issue exists in versions up to 2.3.1 and could be exploited with contributor-level access or higher. Attackers could use a specific parameter in the plugin’s shortcode to append additional SQL queries to existing queries and extract data.