PT-2026-24176 · WordPress · The Events Calendar
Dmitry Ignatyev
·
Published
2026-03-10
·
Updated
2026-03-11
·
CVE-2026-3585
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The Events Calendar plugin for WordPress versions prior to 6.15.18
Description
The Events Calendar plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 6.15.17. This allows authenticated attackers with Author-level access or higher to read arbitrary files on the server, potentially exposing sensitive information. The issue resides within the
ajax create import function.Recommendations
Update The Events Calendar plugin to version 6.15.18 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Events Calendar