CVE Catalog
CVE-2026-39532
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.34%
26th percentile - higher than 26% of all known CVEs
Summary
Events Calendar for GeoDirectory versions up to 2.3.25 contain a PHP Object Injection vulnerability, which may lead to unauthorized access or data manipulation.
Risk Assessment
Organizations using these versions may be exposed to attacks that could result in data loss or security breaches.
Recommendation
It is recommended to update to the latest version of Events Calendar to mitigate this vulnerability.
Original NVD description (English source)
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.

