SQL Injection Vulnerability in Events Calendar Plugin by WordPress
CVE-2025-69135

8.5 HIGH

What is CVE-2025-69135?

The Events Calendar Plugin for WordPress, versions 2.7.2 and earlier, is vulnerable to SQL injection, which allows unauthorized users to manipulate database queries. This weakness can lead to data leakage or unauthorized modifications, posing a significant risk to websites that use this plugin. Users are encouraged to update to the latest version to mitigate potential exploitation risks.

Affected Version(s)

Events Schedule - WordPress Events Calendar Plugin <= 2.7.2

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program