CVE-2025-24537 — Cross-Site Request Forgery in THE Events Calendar

CWE-352 — Cross-Site Request Forgery CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

7.5HIGH

No vector

EPSS

0.1%

top 77.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stellarwp THE Events Calendar

Timeline

PublishedJan 27

Description

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0.

Affected Packages1 packages

▶CVEListV5stellarwp/the_events_calendar6.7.0

🔴Vulnerability Details

GHSA

GHSA-q427-677q-cw5w: Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery↗2025-01-27

▶

CVEList

WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability↗2025-01-27

▶

📋Vendor Advisories

Microsoft

Infinite loop in parsing in go/scanner↗2023-04-11

▶