CVE-2025-48246 — Missing Authorization in THE Events Calendar

CWE-862 — Missing Authorization3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 69.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stellarwp THE Events Calendar

Timeline

PublishedMay 19

Description

Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.11.2.1.

Affected Packages1 packages

▶CVEListV5stellarwp/the_events_calendar6.11.2.1

🔴Vulnerability Details

CVEList

WordPress The Events Calendar plugin <= 6.11.2.1 - Broken Access Control Vulnerability↗2025-05-19

▶

GHSA

GHSA-qcf6-9r7h-r3r4: Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels↗2025-05-19

▶