CVE-2026-11616

HIGH CVSS 8.8 other

The flaw

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying strip_tags(esc_sql()) — with no allow-list —

What to do

Review the advisory and patch per vendor guidance.

First seen 2026-06-12 · Tracked by PickBits CyberHawk