Sdokus

**Name of the Vulnerable Software and Affected Versions** The Events Calendar plugin for WordPress versions prior to 6.15.16 **Description** The Events Calendar plugin for WordPress is susceptible to unauthorized modification and potential loss of data. This is due to an insufficient capability check within the `can edit` and `can delete` functions. Authenticated attackers possessing Contributor-level access or higher can leverage the REST API to modify or delete events, organizers, and venues. The affected API allows modification via the REST API. The vulnerable parameters include event data, organizer data, and venue data. **Recommendations** Update The Events Calendar plugin to version 6.15.16 or later.