WordPress Modern Events Calendar Lite Plugin < 6.1.5 Multiple Vulnerabilities

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2021-24925

creationtimestamp| type| source ---|---|--- 2021-12-13 14:22:06+00:00| seen| https://t.me/cibsecurity/33801...

CVE-2021-24925 Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site...

CVE-2021-24925

Summary: CVE-2021-24925 affects the Modern Events Calendar Lite WordPress plugin prior to 6.1.5. The issue is a reflected cross-site scripting (XSS) vulnerability in the mec_list_load_more AJAX endpoint. The plugin does not sanitize or escape the current_month_divider parameter before echoing it ...