Thank you for the quick turn around on this update, I can indeed confirm that this API is no longer leaking data.
If I were you guys, I would be contacting your customers and telling them to update to the latest version, so many bots crawl WordPress sites that could be getting that data. Also many may be unknowingly breaking GDPR.
Andy
A quick search for cpabc_calendar_load2 on google, you can find a few websites that use this plugin and have data exposed…
This is a school…
http://www.indianpublicschool.com/?cpabc_calendar_load2=1&id=cal1&nocache=0.027216591173782945
You should fix this straight away.
