PatchSiren cyber security CVE debrief
CVE-2025-69135 CurlyThemes CVE debrief
PatchSiren analyzed CVE-2025-69135, a HIGH severity vulnerability in Events Schedule - WordPress Events Calendar Plugin. This SQL Injection issue affects versions up to 2.7.2. The vulnerability allows subscribers to inject malicious SQL, potentially leading to unauthorized data access or modification. Users should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
- Vendor
- CurlyThemes
- Product
- Events Schedule - WordPress Events Calendar Plugin
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of Events Schedule - WordPress Events Calendar Plugin version 2.7.2 or earlier should prioritize patching this HIGH severity vulnerability. Operators, platform administrators, vulnerability management teams, and security teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
CVE-2025-69135 is a SQL Injection vulnerability in the Events Schedule - WordPress Events Calendar Plugin. The issue, rated HIGH with a CVSS score of 8.5, allows subscribers to inject malicious SQL. This vulnerability can be exploited by authenticated users with subscriber privileges, potentially leading to data breaches or system compromise.
Defensive priority
Patching is highly recommended due to the HIGH severity of this SQL Injection vulnerability. Defenders should prioritize verifying installed plugin versions, monitoring for suspicious activity, and applying compensating controls where necessary.
Recommended defensive actions
- Apply the latest patch for Events Schedule - WordPress Events Calendar Plugin
- Inventory and verify installed plugin versions
- Monitor for suspicious database queries
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-06-17T13:19:18.903Z and last modified on 2026-06-17T15:16:38.007Z. The NVD entry is currently Deferred. This information is based on the supplied source corpus. Defenders should verify the accuracy of this information and review the official CVE record and NVD entry for further details.
Official resources
-
CVE-2025-69135 CVE record
CVE.org
-
CVE-2025-69135 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:18.903Z and has not been modified since then. The NVD entry is currently Deferred.