Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.12 views

CVE-2021-24946

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

9.8CVSS7.5AI score0.728EPSS
Exploits7References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.263 views

WordPress Modern Events Calendar SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Modern Events Calendar SQLi Scanner', 'Description' = %q Modern Events Calendar plugin contains an unauthenticated timebased SQL...

9.8CVSS7AI score0.728EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2022/03/04 9:52 p.m.286 views

Metasploit Weekly Wrap-Up

This week’s Metasploit Framework release brings us seven new modules. IP Camera Exploitation Rapid7’s Jacob Baines was busy this week with two exploit modules that target IP cameras. The first module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an...

9.3CVSS0.99869EPSS
Exploits215
Circl
Circl
added 2022/02/28 6:48 p.m.35 views

CVE-2021-24946

creationtimestamp| type| source ---|---|--- 2022-02-28 18:48:53+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpmoderneventscalendarsqli.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:35+00:00...

9.8CVSS7.8AI score0.728EPSS
Exploits7References1
0day.today
0day.today
added 2022/01/27 12:0 a.m.248 views

WordPress Modern Events Calendar V 6.1 Plugin - SQL Injection (Unauthenticated) Exploit

Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zip Version: = 6.1...

9.8CVSS0.9AI score0.728EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/01/27 12:0 a.m.329 views

WordPress Modern Events Calendar 6.1 SQL Injection

Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Date 26.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zi...

9.8CVSS0.1AI score0.728EPSS
Exploits7
OpenVAS
OpenVAS
added 2022/01/18 12:0 a.m.28 views

WordPress Modern Events Calendar Lite Plugin < 6.1.5 Multiple Vulnerabilities

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

9.8CVSS8AI score0.728EPSS
Exploits9References2
NVD
NVD
added 2021/12/13 11:15 a.m.71 views

CVE-2021-24946

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

9.8CVSS0.728EPSS
Exploits7References3
Cvelist
Cvelist
added 2021/12/13 10:41 a.m.64 views

CVE-2021-24946 Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

10AI score0.728EPSS
Exploits7References3
CVE
CVE
added 2021/12/13 10:41 a.m.140 views

CVE-2021-24946

The CVE-2021-24946 issue affects the WordPress plugin Modern Events Calendar Lite (before version 6.1.5). The vulnerability is a SQL injection in the mec_load_single_page AJAX action caused by improper sanitisation/escapING of the time parameter, exploitable by unauthenticated users. Descriptions...

9.8CVSS9.8AI score0.728EPSS
Exploits7References3Affected Software1
Rows per page
Query Builder