Skip to main content

Events Schedule Wordpress Events Calendar Plugin

1 CVEs product

Monthly

CVE-2025-69135 HIGH This Week

SQL injection in the Events Schedule - WordPress Events Calendar plugin (versions <= 2.7.2) by CurlyThemes allows authenticated users with Subscriber-level privileges to inject arbitrary SQL into backend database queries. Because the CVSS scope is Changed with high confidentiality impact, a successful attacker can read data beyond the plugin's intended boundary, potentially exfiltrating WordPress user hashes and site secrets. No public exploit identified at time of analysis, and the issue is reported by Patchstack.

WordPress SQLi Events Schedule Wordpress Events Calendar Plugin
NVD
CVSS 3.1
8.5
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in the Events Schedule - WordPress Events Calendar plugin (versions <= 2.7.2) by CurlyThemes allows authenticated users with Subscriber-level privileges to inject arbitrary SQL into backend database queries. Because the CVSS scope is Changed with high confidentiality impact, a successful attacker can read data beyond the plugin's intended boundary, potentially exfiltrating WordPress user hashes and site secrets. No public exploit identified at time of analysis, and the issue is reported by Patchstack.

WordPress SQLi Events Schedule Wordpress Events Calendar Plugin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy