Webnus Modern_events_calendar_lite
18 CVEs affecting Webnus Modern_events_calendar_lite. Latest disclosed: 2025-07-12. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-24946 | Critical | 9.8 | 2021-12-13 | The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_loa… |
CVE-2024-5441 | High | 8.8 | 2024-07-09 | The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function… |
CVE-2021-24149 | High | 8.8 | 2021-03-18 | Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_… |
CVE-2024-6522 | High | 8.5 | 2024-08-07 | The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form… |
CVE-2021-24146 | High | 7.5 | 2021-03-18 | Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files… |
CVE-2021-24145 | High | 7.2 | 2021-03-18 | Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones… |
CVE-2021-24925 | Medium | 6.1 | 2021-12-13 | The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX c… |
CVE-2021-4458 | Medium | 5.9 | 2025-07-12 | The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in… |
CVE-2022-30533 | Medium | 5.4 | 2022-06-16 | Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script… |
CVE-2022-0364 | Medium | 5.4 | 2022-03-21 | The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with… |
CVE-2021-25046 | Medium | 5.4 | 2022-01-17 | The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorr… |
CVE-2021-24716 | Medium | 5.4 | 2021-11-01 | The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing… |
CVE-2021-24147 | Medium | 5.4 | 2021-03-18 | Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment fie… |
CVE-2020-9459 | Medium | 5.4 | 2020-02-28 | Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authentic… |
CVE-2023-1400 | Medium | 4.8 | 2023-03-27 | The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as… |
CVE-2021-24687 | Medium | 4.8 | 2021-10-04 | The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privile… |
CVE-2023-4021 | Medium | 4.4 | 2023-10-20 | The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not… |
CVE-2022-27848 | Low | 3.4 | 2022-04-14 | Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 |