A vulnerability, which was classified as critical , was found in Liquid Web/StellarWP The Events Calendar Plugin up to 6.16.2 on WordPress. The impacted element is an unknown function. The manipulation results in sql injection. This vulnerability was named CVE-2026-49772 . The attack may be performed from remote. There is no available exploit.