5.3

CVE-2026-1310

EPSS 0.03%
Veröffentlicht 28.01.2026 06:43:45
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Simple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the `miga_ajax_editor_cal_delete` function that is hooked to the `miga_editor_cal_delete` AJAX action with both authenticated and unauthenticated access enabled. This makes it possible for unauthenticated attackers to delete arbitrary calendar entries by sending a request with a valid nonce and the calendar entry ID.

Mögliche Gegenmaßnahme

Simple calendar for Elementor: Update to version 1.6.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Simple calendar for Elementor

Version *-1.6.6

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellermigaweb

≫

Produkt Simple calendar for Elementor

Default Statusunaffected

Version <= 1.6.6

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.wordfence.com/threat-intel/vulnerabilities/id/e537c56d-7c5e-4f21-b266-ef3d1a87caf2?source=cve

https://plugins.trac.wordpress.org/browser/simple-calendar-for-elementor/trunk/widget/includes/backend_functions.php#L3

https://plugins.trac.wordpress.org/browser/simple-calendar-for-elementor/tags/1.6.6/widget/includes/backend_functions.php#L3

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3444617%40simple-calendar-for-elementor&new=3444617%40simple-calendar-for-elementor&sfp_email=&sfph_mail=

https://www.wordfence.com/threat-intel/vulnerabilities/id/e537c56d-7c5e-4f21-b266-ef3d1a87caf2

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1310

EUVD