CVE-2025-69352
WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerabilityMissing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.15.12.2.
We have discovered 88,163 live websites that are affected by CVE-2025-69352.
Affected Software
| Product |  The Events Calendar |
| Category | Wordpress Plugins |
| Vulnerable Domains | 88,163 live websites (92% of The Events Calendar install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 334 versions ( 99% of all versions) |
Details
- Published - Jan 6, 2026
- Updated - Jan 20, 2026
Credits
- Phat RiO - BlueRock | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-69352 United States | 32,556 websites |
 Germany | 14,216 websites |
 France | 4,973 websites |
 GB | 3,991 websites |
 Italy | 3,179 websites |
 Netherlands | 2,990 websites |
 Canada | 2,664 websites |
 Spain | 2,264 websites |
 Switzerland | 1,766 websites |
 Denmark | 1,437 websites |
Website Distribution by TLD
Number of websites using CVE-2025-69352| .com | 25,556 websites |
| .org | 17,234 websites |
| .de | 10,556 websites |
| .nl | 3,003 websites |
| .fr | 2,418 websites |
| .it | 2,352 websites |
| .co.uk | 1,746 websites |
| .ca | 1,664 websites |
| .net | 1,588 websites |
| .ch | 1,527 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-69352
Top websites that are affected by CVE-2025-69352. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.*******.org | United States | *,*** | |
| *****************.com | United States | *,*** | |
| ******.com | United States | **,*** | |
| *****.**.uk | United States | **,*** | |
| *************************.de | Germany | **,*** | |
| *******************.nl | Netherlands | **,*** | |
| ***************.net | United States | **,*** | |
| ***.org |  South Africa | **,*** | |
| ****************.com | United States | **,*** | |
| ****.net | United States | **,*** |
FAQ
A total of 88,163 websites have been identified as vulnerable to CVE-2025-69352, based on global website indexing conducted by WebTechSurvey.
The The Events Calendar is affected by the CVE-2025-69352 vulnerability.
The Events Calendar versions up to and including 6.15.12.2 are vulnerable to CVE-2025-69352.