Lucene search
+L

834 matches found

Check Point Advisories
Check Point Advisories
added 2021/08/18 12:0 a.m.60 views

WordPress Modern Events Calendar Plugin Remote Code Execution (CVE-2021-24145)

A remote code execution vulnerability exists in WordPress Modern Events Calendar Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.5AI score0.88158EPSS
Exploits9
GithubExploit
GithubExploit
added 2021/08/14 2:56 a.m.261 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webnus Modern_Events_Calendar_Lite

CVE-2021-24145 WordPress File Upload Vulnerability, Modern Eve...

7.2CVSS7.2AI score0.88158EPSS
Exploits9
Patchstack
Patchstack
added 2021/08/09 12:0 a.m.12 views

WordPress Events Shortcodes & Templates For The Events Calendar plugin <= 1.7.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress Events Shortcodes & Templates For The Events Calendar plugin versions = 1.7.1. Solution Update the WordPress Events Shortcodes & Templates For The Events Calendar plugin to the latest available versio...

2AI score
Exploits0References2Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2021/07/30 6:4 p.m.314 views

Metasploit Wrap-Up

New Olympic Discipline: Hive Hunting This week, community contributor Hakyac added a new Olympic discipline to Metasploit exploit sport category, which is based on the work of community security researchers @jonasLyk and Kevin Beaumont. The rules are simple: You need to abuse a flaw in Windows 10...

8.3CVSS0.6AI score0.88158EPSS
Exploits36
Metasploit
Metasploit
added 2021/07/26 5:43 p.m.100 views

Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution

This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Modern Events Calendar .php Module Options msf use exploit/multi/http/wppluginmoderneventscalendarrce msf...

7.2CVSS7.1AI score0.88158EPSS
Exploits9
Packet Storm
Packet Storm
added 2021/07/26 12:0 a.m.580 views

WordPress Modern Events Calendar Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileg...

6.5CVSS0.4AI score0.88158EPSS
Exploits9
0day.today
0day.today
added 2021/07/26 12:0 a.m.201 views

WordPress Modern Events Calendar Remote Code Execution Exploit

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by...

7.2CVSS0.5AI score0.88158EPSS
Exploits9
Patchstack
Patchstack
added 2021/07/23 12:0 a.m.21 views

WordPress Simple Events Calendar plugin <= 1.4.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Simple Events Calendar plugin versions = 1.4.0. Solution This plugin has been closed as of June 2, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.1AI score0.01578EPSS
Exploits2References3Affected Software1
0day.today
0day.today
added 2021/07/02 12:0 a.m.113 views

Wordpress Modern Events Calendar 5.16.2 Plugin - Event export (Unauthenticated) Exploit

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip Version: Befo...

7.5CVSS0.3AI score0.31043EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/07/02 12:0 a.m.249 views

WordPress Modern Events Calendar 5.16.2 Information Disclosure

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...

5CVSS7.6AI score0.31043EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/07/02 12:0 a.m.528 views

Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...

7.2CVSS7.4AI score0.88158EPSS
Exploits9
Exploit DB
Exploit DB
added 2021/07/02 12:0 a.m.305 views

Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...

7.5CVSS7.6AI score0.31043EPSS
Exploits5
0day.today
0day.today
added 2021/07/02 12:0 a.m.148 views

Wordpress Modern Events Calendar 5.16.2 Plugin - Remote Code Execution (Authenticated) Exploit

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip Versio...

7.2CVSS0.3AI score0.88158EPSS
Exploits9
Packet Storm
Packet Storm
added 2021/07/02 12:0 a.m.323 views

WordPress Modern Events Calendar 5.16.2 Shell Upload

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...

6.5CVSS7.2AI score0.88158EPSS
Exploits9
CNVD
CNVD
added 2021/03/22 12:0 a.m.18 views

Wordpress Modern Events Calendar Lite Cross-Site Scripting Vulnerability

Wordpress Modern Events Calendar Lite is Wordpress open source plugin for an application. The plugin is used to manage the best tools for events website. A cross-site scripting vulnerability exists in the Modern Events Calendar Lite WordPress plugin versions prior to 5.16.5. The vulnerability ste...

5.4CVSS5.8AI score0.00748EPSS
Exploits2References1
OSV
OSV
added 2021/03/18 3:15 p.m.6 views

CVE-2021-24149

Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mecpostid POST parameter in the mecfesform AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue...

8.8CVSS7.4AI score0.01505EPSS
Exploits2References1
NVD
NVD
added 2021/03/18 3:15 p.m.40 views

CVE-2021-24146

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example...

7.5CVSS0.31043EPSS
Exploits5References2
NVD
NVD
added 2021/03/18 3:15 p.m.22 views

CVE-2021-24145

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request...

7.2CVSS0.88158EPSS
Exploits9References3
NVD
NVD
added 2021/03/18 3:15 p.m.17 views

CVE-2021-24147

Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...

5.4CVSS0.00748EPSS
Exploits2References1
OSV
OSV
added 2021/03/18 3:15 p.m.19 views

CVE-2021-24147

Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...

5.4CVSS6.3AI score
Exploits0References1
Rows per page
Query Builder