Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9876-qpdh-5fe2
SummaryThe My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with custom-level access and above, to bypass the moderation and approval workflow by tampering with the POST body to publish events or set other unauthorized statuses such as cancelled or private, in ways their role does not permit. While the UI correctly restricts low-privilege users to a draft-only submit button, this restriction is enforced only client-side, making it trivially bypassable by directly manipulating the POST request.
Aliases
0
alias CVE-2026-7525
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-7525
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04545
published_at 2026-06-11T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04535
published_at 2026-06-13T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04552
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-7525
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/3e27c0b0-c74f-47ad-b9ed-9fd6bd05d040?source=cve
reference_id 3e27c0b0-c74f-47ad-b9ed-9fd6bd05d040?source=cve
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/3e27c0b0-c74f-47ad-b9ed-9fd6bd05d040?source=cve
2
reference_url https://github.com/joedolson/my-calendar/commit/98aef8fbfc6ca4cfe50aaa36761d5f1eb629dfe4
reference_id 98aef8fbfc6ca4cfe50aaa36761d5f1eb629dfe4
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://github.com/joedolson/my-calendar/commit/98aef8fbfc6ca4cfe50aaa36761d5f1eb629dfe4
3
reference_url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3527861%40my-calendar&new=3527861%40my-calendar&sfp_email=&sfph_mail=
reference_id changeset?sfp_email=&sfph_mail=&reponame=&old=3527861%40my-calendar&new=3527861%40my-calendar&sfp_email=&sfph_mail=
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3527861%40my-calendar&new=3527861%40my-calendar&sfp_email=&sfph_mail=
4
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L2384
reference_id my-calendar-event-editor.php#L2384
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L2384
5
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L2384
reference_id my-calendar-event-editor.php#L2384
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L2384
6
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L2384
reference_id my-calendar-event-editor.php#L2384
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L2384
7
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L406
reference_id my-calendar-event-editor.php#L406
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L406
8
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L406
reference_id my-calendar-event-editor.php#L406
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L406
9
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L406
reference_id my-calendar-event-editor.php#L406
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L406
10
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L601
reference_id my-calendar-event-editor.php#L601
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.4/my-calendar-event-editor.php#L601
11
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L601
reference_id my-calendar-event-editor.php#L601
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/tags/3.7.9/my-calendar-event-editor.php#L601
12
reference_url https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L601
reference_id my-calendar-event-editor.php#L601
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T10:40:09Z/
url https://plugins.trac.wordpress.org/browser/my-calendar/trunk/my-calendar-event-editor.php#L601
Weaknesses
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Exploits
Severity_range_score4.3 - 4.3
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9876-qpdh-5fe2