PT-2026-22024 · WordPress · The Events Calendar
Sdokus
·
Published
2026-02-25
·
Updated
2026-02-26
·
CVE-2026-2694
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
The Events Calendar plugin for WordPress versions prior to 6.15.16
Description
The Events Calendar plugin for WordPress is susceptible to unauthorized modification and potential loss of data. This is due to an insufficient capability check within the can edit and can delete functions. Authenticated attackers possessing Contributor-level access or higher can leverage the REST API to modify or delete events, organizers, and venues. The affected API allows modification via the REST API. The vulnerable parameters include event data, organizer data, and venue data.
Recommendations
Update The Events Calendar plugin to version 6.15.16 or later.
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
The Events Calendar