Stellarwp

The Events Calendar

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-2694

  • EPSS 0.05%
  • Veröffentlicht 25.02.2026 21:25:02
  • Zuletzt bearbeitet 27.02.2026 14:06:59

The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'can_edit' and 'can_delete' function in all versions up to, and including, 6.15.16. This makes...

5.4

CVE-2025-15043

  • EPSS 0.06%
  • Veröffentlicht 20.01.2026 14:26:32
  • Zuletzt bearbeitet 26.01.2026 15:05:23

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. This mak...

5.4

CVE-2025-69352

  • EPSS 0.03%
  • Veröffentlicht 06.01.2026 16:36:40
  • Zuletzt bearbeitet 20.01.2026 15:20:04

Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.15.12.2.

5.3

CVE-2025-12192

  • EPSS 0.06%
  • Veröffentlicht 05.11.2025 09:27:40
  • Zuletzt bearbeitet 06.11.2025 19:45:30

The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated...

7.5

CVE-2025-12197

  • EPSS 0.18%
  • Veröffentlicht 05.11.2025 04:36:58
  • Zuletzt bearbeitet 06.11.2025 19:45:30

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ...

4.3

CVE-2025-12175

  • EPSS 0.05%
  • Veröffentlicht 31.10.2025 08:25:54
  • Zuletzt bearbeitet 04.11.2025 15:41:31

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attack...

5.4

CVE-2025-5144

  • EPSS 0.06%
  • Veröffentlicht 11.06.2025 12:22:52
  • Zuletzt bearbeitet 10.07.2025 00:25:36

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible...

4.8

CVE-2024-8493

Exploit
  • EPSS 0.08%
  • Veröffentlicht 15.05.2025 20:15:58
  • Zuletzt bearbeitet 04.06.2025 20:08:55

The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal...

5.3

CVE-2024-5333

Exploit
  • EPSS 7.34%
  • Veröffentlicht 16.12.2024 06:15:08
  • Zuletzt bearbeitet 14.05.2025 20:16:11

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.

6.1

CVE-2024-6931

  • EPSS 30.12%
  • Veröffentlicht 27.09.2024 09:15:04
  • Zuletzt bearbeitet 04.10.2024 19:08:35

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...