3 matches found
CVE-2024-6522
The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mecfesform' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitra...
WordPress Modern Events Calendar Plugin <= 7.12.1 is vulnerable to Server Side Request Forgery (SSRF)
Software Modern Events Calendar Type Plugin Vulnerable versions = 7.12.1 Fixed in 7.13.0 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-6522 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 2c1730c6aa47 Credits Foxyyy Required...
WordPress Modern Events Calendar Lite Plugin <= 7.12.1 is vulnerable to Server Side Request Forgery (SSRF)
Software Modern Events Calendar Lite Type Plugin Vulnerable versions = 7.12.1 Fixed in 7.13.0 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2024-6522 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 910627b36a58 Credits Foxyy...