StellarWP The Events Calendar
19 CVEs affecting StellarWP The Events Calendar. Latest disclosed: 2026-03-10. Critical: 1, High: 4.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-8275 | Critical | 9.8 | 2024-09-25 | The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up… |
| CVE-2026-3585 | High | 7.5 | 2026-03-10 | The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' functio… |
| CVE-2025-12197 | High | 7.5 | 2025-11-05 | The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient esca… |
| CVE-2025-9807 | High | 7.5 | 2025-09-12 | The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due t… |
| CVE-2024-6931 | High | 7.2 | 2024-09-27 | The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due t… |
| CVE-2025-5144 | Medium | 6.4 | 2025-06-11 | The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including… |
| CVE-2024-12118 | Medium | 6.4 | 2025-01-23 | The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in… |
| CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |
| CVE-2026-2694 | Medium | 5.4 | 2026-02-25 | The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'ca… |
| CVE-2025-15043 | Medium | 5.4 | 2026-01-20 | The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration… |
| CVE-2025-69352 | Medium | 5.4 | 2026-01-06 | Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Level… |
| CVE-2025-48246 | Medium | 5.4 | 2025-05-19 | Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Level… |
| CVE-2025-24537 | Medium | 5.4 | 2025-01-27 | Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery. This issue affects The E… |
| CVE-2025-12192 | Medium | 5.3 | 2025-11-05 | The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares t… |
| CVE-2025-9808 | Medium | 5.3 | 2025-09-16 | The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This mak… |
| CVE-2023-6557 | Medium | 5.3 | 2024-02-05 | The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route functi… |
| CVE-2025-12175 | Medium | 4.3 | 2025-10-31 | The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in… |
| CVE-2024-37518 | Medium | 4.3 | 2025-01-02 | Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery. This issue affects The E… |
| CVE-2024-31433 | Medium | 4.3 | 2024-04-15 | Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar. This issue affects The Events Calendar: from n/a through <… |