CVE-2026-2694
Received - Intake
Improper Capability Check in The Events Calendar Plugin Allows Data Modification

Publication date: 2026-02-25

Last updated on: 2026-02-25

Assigner: Wordfence

Description
The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check in the 'can_edit' and 'can_delete' functions in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with Contributor-level access and above, to update or trash events, organizers and venues via the REST API.
Meta Information
Published: 2026-02-25
Last Modified: 2026-02-25
Generated: 2026-06-16
AI Q&A: 2026-02-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: the_events_calendar
Product: the_events_calendar
Version / Range: up to and including 6.15.16
CWE ID: CWE-285
Description: The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The Events Calendar plugin for WordPress has a vulnerability due to improper capability checks on the 'can_edit' and 'can_delete' functions in all versions up to and including 6.15.16.

This flaw allows authenticated attackers with Contributor-level access or higher to modify or delete events, organizers, and venues through the REST API.

Impact Analysis

This vulnerability can lead to unauthorized modification or deletion of event-related data within the WordPress site using The Events Calendar plugin.

Attackers with Contributor-level access or above can update or trash events, organizers, and venues, potentially causing data loss or disruption of event management.
