What is CVE-2022-0364?

CVE-2022-0364 is a vulnerability in Modern Events Calendar Lite, classified under Cross-site Scripting. Published 2022-03-21.

Is CVE-2022-0364 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Modern Events Calendar Lite

CVE-2022-0364

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.671 (99.2th percentile) — read the EPSS interpretation.

Affected products

Unknown Modern Events Calendar Lite — versions 6.4.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon

References

wpscan.com/vulnerability/0eb40cd5-838e-4b53-994d-22cf7c8a6c50 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0364?: CVE-2022-0364 is a vulnerability in Modern Events Calendar Lite, classified under Cross-site Scripting. Published 2022-03-21.
Is CVE-2022-0364 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.