CVE-2026-7525 — The My Calendar – Accessible Event Manager plugin for

May 14, 2026 08:16 /MEDIUM /CVSS 4.3/10

Written by SCW Vulnerability Desk Vulnerability Intelligence

National Vulnerability Database vulnerabilitycvemedium-severitycwe-862

CVE-2026-7525 — The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated

What This Means For You

If your environment is affected by CWE-862, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-7525 updates and patches.

Related ATT&CK Techniques

T1078.004 Abuse Elevation Control Mechanism: Sudo and Operating System Job Scheduling Privilege Escalation T1538 Information Gathering: Data from Information Repositories Discovery T1059.001 Command and Scripting Interpreter: PowerShell Execution

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1538 Privilege Escalation

CVE-2026-7525 - My Calendar Plugin Event Status Tampering

Sigma YAML — free preview

title: CVE-2026-7525 - My Calendar Plugin Event Status Tampering
id: scw-2026-05-14-ai-1
status: experimental
level: high
description: |
  Detects attempts to bypass the My Calendar plugin's authorization workflow by directly publishing events via the admin-ajax.php endpoint. This rule specifically targets the 'my_calendar_save_event' action and the 'event_status=publish' parameter, indicating an attempt to publish an event without proper authorization, as described in CVE-2026-7525.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7525/
tags:
  - attack.privilege_escalation
  - attack.t1538
logsource:
    category: webserver
detection:
  selection:
      cs-method:
          - 'POST'
      uri|contains:
          - '/wp-admin/admin-ajax.php'
      cs-uri-query|contains:
          - 'action=my_calendar_save_event'
  selection_base:
      cs-uri-query|contains:
          - 'event_status=publish'
      condition: selection AND selection_base
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

ID	Type	Indicator
CVE-2026-7525	vulnerability	CVE-2026-7525
CWE-862	weakness	CWE-862

Written by SCW Vulnerability Desk

Source & Attribution

Source Platform	NVD
Channel	National Vulnerability Database
Published	May 14, 2026 at 08:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

What This Means For You

Related ATT&CK Techniques

🛡️ Detection Rules

CVE-2026-7525 - My Calendar Plugin Event Status Tampering

Indicators of Compromise

Related coverage

CVE-2026-8280 — GitLab CE/EE Affecting All Versions From 8.3 Before 18.9.7, Denial of Service

CVE-2026-8181: WordPress Burst Statistics Plugin Critical Auth Bypass

GitLab CVE-2026-7481: Developer XSS Vulnerability Patched