Webnus Modern Events Calendar Lite — known CVE vulnerabilities
Every CVE whose affected-product data names Webnus Modern Events Calendar Lite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2021-24946 — CVSS 9.8 (critical): The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL…
CVE-2024-5441 — CVSS 8.8 (high): The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2021-24149 — CVSS 8.8 (high): Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST…
CVE-2024-6522 — CVSS 8.5 (high): The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1…
CVE-2021-24146 — CVSS 7.5 (high): Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access…
CVE-2021-24145 — CVSS 7.2 (high): Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported…
CVE-2021-24925 — CVSS 6.1 (medium): The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its…
CVE-2021-4458 — CVSS 5.9 (medium): The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_p…
CVE-2021-25046 — CVSS 5.4 (medium): The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose…
CVE-2021-24147 — CVSS 5.4 (medium): Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise…
CVE-2021-24716 — CVSS 5.4 (medium): The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to…
CVE-2020-9459 — CVSS 5.4 (medium): Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress…
CVE-2022-0364 — CVSS 5.4 (medium): The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which…
CVE-2022-30533 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject…
CVE-2023-1400 — CVSS 4.8 (medium): The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high…
CVE-2021-24687 — CVSS 4.8 (medium): The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes…
CVE-2023-4021 — CVSS 4.4 (medium): The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in…
CVE-2022-27848 — CVSS 3.4 (low): Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1