The Events Calendar

StellarWP

Developer

6.15.18

Latest version

700,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

29 patched

8 Mitigation rules

Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability
<= 6.15.17
11/03/2026
Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API vulnerability
<= 6.15.16
25/02/2026
Missing Authorization to Authenticated (Subscriber+) Data Migration Control vulnerability
<= 6.15.13
20/01/2026
Broken Access Control vulnerability
<= 6.15.12.2
09/01/2026
WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability
6.15.1.1-6.15.9
05/11/2025
Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure vulnerability
<= 6.15.9
05/11/2025
Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure vulnerability
<= 6.15.9
31/10/2025
Missing Authorization to Unauthenticated Password-Protected Information Disclosure vulnerability
<= 6.15.2
15/09/2025
Unauthenticated SQL Injection vulnerability
<= 6.15.1
11/09/2025
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
<= 6.13.2
11/06/2025
Broken Access Control Vulnerability
<= 6.11.2.1
19/05/2025
Admin+ Stored XSS vulnerability
< 6.6.4
19/05/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 6.9.0
22/01/2025
Unauthenticated Password Protected Event Disclosure vulnerability
< 6.8.2.1
16/12/2024
Cross Site Request Forgery (CSRF) vulnerability
<= 6.7.0
09/11/2024
Unauthenticated Stored Cross-Site Scripting vulnerability
<= 6.6.3
27/09/2024
Unauthenticated SQL Injection vulnerability
<= 6.6.4
25/09/2024
Cross Site Request Forgery (CSRF) vulnerability
<= 6.5.1.4
05/07/2024
Authenticated (Contributor+) Arbitrary Events Access vulnerability
< 6.4.0.1
24/05/2024
Reflected XSS vulnerability
< 6.4.0.1
15/05/2024
Cross Site Request Forgery (CSRF) vulnerability
<= 6.3.0
10/04/2024
Unauthenticated Sensitive Information Exposure vulnerability
<= 6.2.8.2
15/01/2024
Information Disclosure vulnerability
< 6.2.8.1
22/11/2023
Broken Access Control vulnerability
<= 6.1.2.2
25/07/2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 6.0.13.1
19/07/2023
Sensitive Information Disclosure vulnerability
< 5.14.0.4
28/02/2022
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 5.14.0.4
28/02/2022
Open Redirection
<= 4.1.1
25/04/2016
Reflected Cross Site Scripting
<= 3.0
01/08/2014