Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-7525
Deferred
More InfoOfficial Page
Source-security@wordfence.com
View Known Exploited Vulnerability (KEV) details
Published At-14 May, 2026 | 05:16
Updated At-14 May, 2026 | 14:29

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with custom-level access and above, to bypass the moderation and approval workflow by tampering with the POST body to publish events or set other unauthorized statuses such as cancelled or private, in ways their role does not permit. While the UI correctly restricts low-privilege users to a draft-only submit button, this restriction is enforced only client-side, making it trivially bypassable by directly manipulating the POST request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/joedolson/my-calendar/commit/98aef8fbfc6ca4cfe50aaa36761d5f1eb629dfe4security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L2384security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L406security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L601security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L2384security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L406security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L601security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L2384security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L406security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L601security@wordfence.com
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3527861%40my-calendar&new=3527861%40my-calendar&sfp_email=&sfph_mail=security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/3e27c0b0-c74f-47ad-b9ed-9fd6bd05d040?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://github.com/joedolson/my-calendar/commit/98aef8fbfc6ca4cfe50aaa36761d5f1eb629dfe4
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L2384
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L406
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L601
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L2384
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L406
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L601
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L2384
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L406
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L601
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3527861%40my-calendar&new=3527861%40my-calendar&sfp_email=&sfph_mail=
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/3e27c0b0-c74f-47ad-b9ed-9fd6bd05d040?source=cve
Source: security@wordfence.com
Resource: N/A
Change History
0Changes found
Details not found