WordPress Plugin Vulnerabilities

Editorial Calendar < 3.8.9 - Missing Authorization

Description

The Editorial Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
editorial-calendar
Fixed in 3.8.9

References

CVE
CVE-2025-68603
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/775a0071-0c07-4438-918a-ff997961a6b3

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Doan Dinh Van (DinhVan52)
Verified
No
WPVDB ID
01ce11e3-f8cc-46b2-bc88-9c64701ff65a

Timeline

Publicly Published
2025-12-20 (about 4 months ago)
Added
2026-01-05 (about 4 months ago)
Last Updated
2026-01-27 (about 3 months ago)

Other

Published
Title
Published
2025-01-16
Title
Loginplus <= 1.2 - Missing Authorization
Published
2024-01-30
Title
BizPrint < 4.5.4 - Unauthenticated WC Order Data Access
Published
2022-08-15
Title
Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls
Published
2024-03-26
Title
Max Mega Menu < 3.3.1 - Missing Authorization
Published
2026-01-30
Title
Mizan Demo Importer < 0.1.4 - Missing Authorization