CVE-2025-12192
The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information ExposureThe Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain the full system report whenever "Yes, automatically share my system information with The Events Calendar support team" setting is enabled.
We have discovered 92,819 live websites that are affected by CVE-2025-12192.
Affected Software
| Product |  The Events Calendar |
| Category | Wordpress Plugins |
| Vulnerable Domains | 92,819 live websites (93% of The Events Calendar install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 333 versions ( 99% of all versions) |
Common Weakness Enumeration
CWE-697 Incorrect ComparisonDetails
- Published - Nov 5, 2025
- Updated - Nov 5, 2025
Credits
- Michael Mazzolini (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-12192 United States | 35,520 websites |
 Germany | 14,419 websites |
 France | 5,139 websites |
 GB | 4,338 websites |
 Italy | 3,243 websites |
 Netherlands | 3,125 websites |
 Canada | 2,866 websites |
 Spain | 2,330 websites |
 Switzerland | 1,750 websites |
 Denmark | 1,439 websites |
Website Distribution by TLD
Number of websites using CVE-2025-12192| .com | 27,383 websites |
| .org | 18,676 websites |
| .de | 10,627 websites |
| .nl | 3,128 websites |
| .fr | 2,524 websites |
| .it | 2,401 websites |
| .co.uk | 1,905 websites |
| .ca | 1,799 websites |
| .net | 1,694 websites |
| .ch | 1,490 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-12192
Top websites that are affected by CVE-2025-12192. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.*******.org | United States | *,*** | |
| **********.com | United States | *,*** | |
| ******.com | United States | **,*** | |
| *****.**.uk | United States | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| *******.org | United States | **,*** | |
| *****.org | United States | **,*** | |
| *******************.nl | Netherlands | **,*** |
FAQ
CVE-2025-12192 is Incorrect Comparison in The Events Calendar
A total of 92,819 websites have been identified as vulnerable to CVE-2025-12192, based on global website indexing conducted by WebTechSurvey.
The The Events Calendar is affected by the CVE-2025-12192 vulnerability.
The Events Calendar versions up to and including 6.15.9 are vulnerable to CVE-2025-12192.