4 matches found
CVE-2021-4458
creationtimestamp| type| source ---|---|--- 2026-03-12 21:02:32+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mgvcd32rie2h 2026-06-06 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2026-06-06 2026-06-19 12:45:09+00:00| exploited|...
WordPress Modern Events Calendar Lite plugin <= 6.3.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by WordFence in WordPress Plugin Modern Events Calendar Lite versions = 6.3.0...
CVE-2021-4458 Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection
The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wpajaxmecloadsinglepage' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2021-4458
The CVE-2021-4458 issue affects the WordPress plugin Modern Events Calendar Lite, version range up to 6.3.0. It is caused by insufficient escaping of the id parameter in the wp_ajax_mec_load_single_page AJAX action, enabling unauthenticated SQL Injection when addslashes is disabled. The vulnerabi...