Webnus Modern_events_calendar_lite

18 CVEs affecting Webnus Modern_events_calendar_lite. Latest disclosed: 2025-07-12. Critical: 1, High: 5.

Top CVEs affecting Webnus Modern_events_calendar_lite
CVESeverityScorePublishedSummary
CVE-2021-24946Critical9.82021-12-13The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_loa…
CVE-2024-5441High8.82024-07-09The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function…
CVE-2021-24149High8.82021-03-18Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_…
CVE-2024-6522High8.52024-08-07The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form…
CVE-2021-24146High7.52021-03-18Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files…
CVE-2021-24145High7.22021-03-18Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones…
CVE-2021-24925Medium6.12021-12-13The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX c…
CVE-2021-4458Medium5.92025-07-12The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in…
CVE-2022-30533Medium5.42022-06-16Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script…
CVE-2022-0364Medium5.42022-03-21The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with…
CVE-2021-25046Medium5.42022-01-17The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorr…
CVE-2021-24716Medium5.42021-11-01The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing…
CVE-2021-24147Medium5.42021-03-18Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment fie…
CVE-2020-9459Medium5.42020-02-28Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authentic…
CVE-2023-1400Medium4.82023-03-27The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2021-24687Medium4.82021-10-04The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privile…
CVE-2023-4021Medium4.42023-10-20The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not…
CVE-2022-27848Low3.42022-04-14Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1