cleantalk
Vulnerabilities and Security Researches

The Events Calendar, CVE-2026-49772

CVE, Research URL

CVE-2026-49772

Home page URL

Security reports for The Events Calendar

Application

The Events Calendar

Published on
Jun 16, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2.
Affected versions
max 6.16.3.
Status
vulnerable
Previous vulnerability researches
JSP Store Locator (CVE-2024-11267) , Jan 11, 2025
JSP Store Locator (CVE-2024-12301) , Jan 11, 2025
New vulnerability
The Events Calendar (CVE-2026-49772) , Jun 16, 2026
WooCommerce Stripe Payment Gateway (CVE-2026-2381) , Jun 16, 2026
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026