CVE-2025-69135
Deferred Deferred - Pending Action

Subscriber SQL Injection in WordPress Events Calendar Plugin

Vulnerability report for CVE-2025-69135, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-07-08
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
events_schedule wordpress_events_calendar_plugin to 2.7.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-69135 is a high-priority SQL Injection vulnerability found in the WordPress plugin "Events Schedule - WordPress Events Calendar Plugin" version 2.7.2 or lower.

This vulnerability allows attackers to interact directly with the website's database by injecting malicious SQL code, potentially leading to unauthorized access or data theft.

Impact Analysis

This vulnerability poses a high risk with a CVSS score of 8.5 and could allow attackers to steal sensitive information from your website's database.

It is expected to be targeted in mass-exploit campaigns, potentially affecting thousands of websites regardless of their size or popularity.

Until an official patch is released, attackers could exploit this vulnerability to compromise your website's data integrity and confidentiality.

Immediate mitigation actions include updating the plugin or applying available mitigation rules provided by security services like Patchstack.

Mitigation Strategies

The vulnerability affects the WordPress plugin "Events Schedule - WordPress Events Calendar Plugin" version 2.7.2 or lower and allows high-risk SQL Injection attacks.

Immediate mitigation steps include:

  • Updating the plugin to a version higher than 2.7.2 once an official patch is released.
  • Applying the mitigation rule issued by Patchstack to block attacks until an official fix is available.
  • Seeking assistance from your hosting provider or a developer to implement temporary protections.
Compliance Impact

The SQL Injection vulnerability in the WordPress Events Calendar Plugin could allow attackers to access and steal sensitive information from the website's database.

Such unauthorized access to sensitive data may lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require the protection of personal and sensitive information.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to potential data breaches.

Detection Guidance

There is no specific detection method or commands provided in the available resources for identifying this SQL Injection vulnerability (CVE-2025-69135) on your network or system.

However, general approaches to detect SQL Injection vulnerabilities include monitoring web server logs for suspicious SQL query patterns, using web application scanners, or employing intrusion detection systems with rules targeting SQL Injection attempts.

Since Patchstack has issued a mitigation rule to block attacks until an official fix is released, applying such mitigation rules or firewall rules might help in detection or prevention.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69135. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart