
The Events Calendar — Vulnerabilities & Security Advisories (24)

All 24 CVE vulnerabilities found in The Events Calendar, with AI-generated Chinese analysis, references, and POCs.

This page aggregates vulnerability data for the WordPress plugin The Events Calendar, focusing on common weakness categories such as Cross-Site Scripting and SQL Injection under industry-standard tagging conventions. It collects a comprehensive history of disclosed security flaws affecting this specific software product, covering incidents reported from January 2015 through the present day. By browsing this resource, you can track the vendor's security advisory timeline to understand the pace and nature of their patching efforts, gain a deeper understanding of specific weakness classes prevalent in event management plugins, and look up the complete vulnerability history of The Events Calendar to assess past risks and current exposure levels. This aggregation serves as a neutral reference for security researchers, developers, and organization administrators who need to evaluate the security posture of this widely used calendar application without navigating multiple disparate sources. The data is compiled from public advisories, database entries, and automated scanning reports, ensuring a broad view of the threat landscape associated with this tool. Whether you are conducting a risk assessment, performing a compliance review, or simply researching historical security trends for open-source WordPress plugins, this page provides the essential context needed to make informed decisions about upgrading, patching, or mitigating risks associated with The Events Calendar. The information is presented chronologically and by severity to facilitate easy analysis and comparison with other similar products in the ecosystem.

Vendor: Unknown

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-49772 | WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability | CWE-89 | 9.3 | Critical | 2026-06-16 |
| CVE-2026-3585 | The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import | CWE-22 | 7.5 | High | 2026-03-10 |
| CVE-2026-2694 | The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API | CWE-285 | 5.4 | Medium | 2026-02-25 |
| CVE-2025-15043 | The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control | CWE-862 | 5.4 | Medium | 2026-01-20 |
| CVE-2025-69352 | WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability | CWE-862 | 5.4 | Medium | 2026-01-06 |
| CVE-2025-12192 | The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure | CWE-697 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-12197 | The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s | CWE-89 | 7.5 | High | 2025-11-05 |
| CVE-2025-12175 | The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure | CWE-862 | 4.3 | Medium | 2025-10-31 |
| CVE-2025-9808 | The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure | CWE-200 | 5.3 | Medium | 2025-09-16 |
| CVE-2025-9807 | The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection | CWE-89 | 7.5 | High | 2025-09-12 |
| CVE-2025-5144 | The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2025-06-11 |
| CVE-2025-48246 | WordPress The Events Calendar plugin <= 6.11.2.1 - Broken Access Control Vulnerability | CWE-862 | 5.4 | Medium | 2025-05-19 |
| CVE-2024-8493 | The Events Calendar < 6.6.4 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-15 |
| CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability | CWE-352 | 5.4 | Medium | 2025-01-27 |
| CVE-2024-12118 | The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2025-01-23 |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-5333 | The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure | | 5.3 | - | 2024-12-16 |
| CVE-2023-35777 | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability | CWE-862 | 5.3 | Medium | 2024-12-13 |
| CVE-2024-6931 | The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting | CWE-79 | 7.2 | High | 2024-09-27 |
| CVE-2024-8275 | The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection | CWE-89 | 9.8 | Critical | 2024-09-25 |
| CVE-2024-4180 | The Events Calendar < 6.4.0.1 - Reflected XSS | | 6.1 (AI) | Medium (AI) | 2024-06-04 |
| CVE-2024-31433 | WordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerability | CWE-352 | 4.3 | Medium | 2024-04-15 |
| CVE-2023-6557 | The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure | CWE-862 | 5.3 | Medium | 2024-02-05 |
| CVE-2023-6203 | The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read | | 7.5 (AI) | High (AI) | 2023-12-18 |
