CVE-2026-3585 | stellarwp Events Calendar Plugin up to 6.15.17 on WordPress ajax_create_import path traversal

Inserito da Angelo Barbosa | Mar 10, 2026 | CVE

A vulnerability was found in stellarwp Events Calendar Plugin up to 6.15.17 on WordPress. It has been classified as critical. This affects the function ajax_create_import. The manipulation leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-3585. The attack is possible to be carried out remotely. No exploit exists.

CVE-2026-3585 | stellarwp Events Calendar Plugin up to 6.15.17 on WordPress ajax_create_import path traversal

Post correlati

CVE-2026-22977 | Linux Kernel up to 6.19-rc4 net sk_buff.cb allocation of resources

CVE-2025-20200 | Cisco IOS XE up to 17.15.1w CLI unusual condition (cisco-sa-iosxe-privesc-su7scvdp)

CVE-2024-21855 | GoCast 1.1.3 HTTP API missing authentication (TALOS-2024-1962)

CVE-2024-39380 | Adobe After Effects up to 23.6.6/24.5 heap-based overflow (apsb24-55)