834 matches found
WordPress Modern Events Calendar Plugin Remote Code Execution (CVE-2021-24145)
A remote code execution vulnerability exists in WordPress Modern Events Calendar Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Exploit for Unrestricted Upload of File with Dangerous Type in Webnus Modern_Events_Calendar_Lite
CVE-2021-24145 WordPress File Upload Vulnerability, Modern Eve...
WordPress Events Shortcodes & Templates For The Events Calendar plugin <= 1.7.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress Events Shortcodes & Templates For The Events Calendar plugin versions = 1.7.1. Solution Update the WordPress Events Shortcodes & Templates For The Events Calendar plugin to the latest available versio...
Metasploit Wrap-Up
New Olympic Discipline: Hive Hunting This week, community contributor Hakyac added a new Olympic discipline to Metasploit exploit sport category, which is based on the work of community security researchers @jonasLyk and Kevin Beaumont. The rules are simple: You need to abuse a flaw in Windows 10...
Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution
This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Modern Events Calendar .php Module Options msf use exploit/multi/http/wppluginmoderneventscalendarrce msf...
WordPress Modern Events Calendar Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileg...
WordPress Modern Events Calendar Remote Code Execution Exploit
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by...
WordPress Simple Events Calendar plugin <= 1.4.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Simple Events Calendar plugin versions = 1.4.0. Solution This plugin has been closed as of June 2, 2021 and is not available for download. Reason: Security Issue...
Wordpress Modern Events Calendar 5.16.2 Plugin - Event export (Unauthenticated) Exploit
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip Version: Befo...
WordPress Modern Events Calendar 5.16.2 Information Disclosure
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...
Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
Wordpress Modern Events Calendar 5.16.2 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip Versio...
WordPress Modern Events Calendar 5.16.2 Shell Upload
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...
Wordpress Modern Events Calendar Lite Cross-Site Scripting Vulnerability
Wordpress Modern Events Calendar Lite is Wordpress open source plugin for an application. The plugin is used to manage the best tools for events website. A cross-site scripting vulnerability exists in the Modern Events Calendar Lite WordPress plugin versions prior to 5.16.5. The vulnerability ste...
CVE-2021-24149
Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mecpostid POST parameter in the mecfesform AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue...
CVE-2021-24146
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example...
CVE-2021-24145
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request...
CVE-2021-24147
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...
CVE-2021-24147
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...