CVE-2026-1310 - Simple calendar for Elementor <= 1.6.6 - missing authorization to unauthenticated...

CVE ID : CVE-2026-1310 Published : Jan. 28, 2026, 7:16 a.m. | 1 hour, 9 minutes ago Description : The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the `miga_ajax_editor_cal_delete` function that is hooked to the `miga_editor_cal_delete` AJAX action with both authenticated and unauthenticated access enabled. This makes it possible for unauthenticated attackers to delete arbitrary calendar entries by sending a request with a valid nonce and the calendar entry ID. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...