CVE-2026-1310 Simple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the migaajaxeditorcaldelete function that is hooked to the migaeditorcaldelete AJAX action with both authenticated...

CVE-2025-47542

Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5...

CVE-2025-47542

CVE-2025-47542 affects WordPress plugin Simple calendar for Elementor (versions 1.6.5 and earlier). The connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in this plugin, enabling CSRF attacks that could force a user to perform unwanted actions on behalf of an authenticat...

WordPress plugin Simple calendar for Elementor 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...