8 matches found
Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution
This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Modern Events Calendar .php Module Options msf use exploit/multi/http/wppluginmoderneventscalendarrce msf...
WordPress Modern Events Calendar Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileg...
CVE-2021-24145
creationtimestamp| type| source ---|---|--- 2021-07-10 16:29:07+00:00| published-proof-of-concept| Telegram/eMoVbCeI-n-jaFKeB-W9ZjnKBEe6KGFrv-r960DcFriPRg 2021-07-26 15:11:59+00:00| seen|...
Wordpress Modern Events Calendar 5.16.2 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.zip Versio...
WordPress Modern Events Calendar 5.16.2 Shell Upload
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...
Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...
CVE-2021-24145 Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request...
CVE-2021-24145
CVE-2021-24145 affects WordPress plugin Modern Events Calendar Lite versions before 5.16.5. The issue is an authenticated arbitrary file upload vulnerability: the plugin does not properly validate the imported file, allowing an administrator or other high-privilege user to upload PHP payloads by ...