Title: Server side request forgery Last modified: February 27, 2024 --- # Server side request forgery * [mcho](https://wordpress.org/support/users/mcho/) * (@mcho) * [2 years, 3 months ago](https://wordpress.org/support/topic/server-side-request-forgery-2/) * Hi, our security scanner is seeing the server side request forgery vulnerabilities on the Event Calendar wp-json URLs, such as [https://www.sfari.org/wp-json/tribe/events/v1/events/](https://www.sfari.org/wp-json/tribe/events/v1/events/) and [https://www.simonsfoundation.org/wp-json/tribe/events/v1/venues/by-slug/](https://www.simonsfoundation.org/wp-json/tribe/events/v1/venues/by-slug/) by POST. How can we fix this problem? Is this problem addressed already in your plugin? If so, which version? * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fserver-side-request-forgery-2%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 1 replies (of 1 total) * Plugin Author [Gustavo Bordoni](https://wordpress.org/support/users/bordoni/) * (@bordoni) * [2 years, 3 months ago](https://wordpress.org/support/topic/server-side-request-forgery-2/#post-17455071) * Hi [@mcho](https://wordpress.org/support/users/mcho/), * Please report this directly to us with more details, you can mention me by name on the report. * Reach out to our support here: `support@theeventscalendar.com` * I am flagging this for being taken down since I am not sure if this is a valid security report or a false positive. best Regards, Viewing 1 replies (of 1 total) The topic ‘Server side request forgery’ is closed to new replies. * ![](https://ps.w.org/the-events-calendar/assets/icon-256x256.gif?rev=2516440) * [The Events Calendar](https://wordpress.org/plugins/the-events-calendar/) * [Frequently Asked Questions](https://wordpress.org/plugins/the-events-calendar/#faq) * [Support Threads](https://wordpress.org/support/plugin/the-events-calendar/) * [Active Topics](https://wordpress.org/support/plugin/the-events-calendar/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/the-events-calendar/unresolved/) * [Reviews](https://wordpress.org/support/plugin/the-events-calendar/reviews/) * 1 reply * 2 participants * Last reply from: [Gustavo Bordoni](https://wordpress.org/support/users/bordoni/) * Last activity: [2 years, 3 months ago](https://wordpress.org/support/topic/server-side-request-forgery-2/#post-17455071) * Status: not resolved