CyberRota
← Ana sayfaya dön

CVE-2026-11896

MEDIUM · CVSS 5.3 EPSS %0.54

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-02T10:16:27.280 · Çekilme zamanı: 2026-07-02T18:27:52.626443+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-11896
Severity
MEDIUM
CVSS
5.3
EPSS
%0.54
WordPress

Orijinal NVD Açıklaması

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.14 via the 'vcal' parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to enumerate occurrence IDs and access the full iCalendar export of non-public, draft, trashed, and personal calendar events, disclosing sensitive event metadata including titles, descriptions, dates, locations, organizer and host details, permalinks, and related calendar metadata.