Modern Events Calendar Lite Security Vulnerabilities and Issues — Modern Events Calendar Lite CVE List

Lucene search

WebnusModern Events Calendar Lite

2 matches found

CVE•added 2021/12/13 11:15 a.m.•96 views

CVE-2021-24946

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue

9.8CVSS9.8AI score0.61429EPSS

CVE•added 2021/12/13 11:15 a.m.•45 views

CVE-2021-24925

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site...

6.1CVSS6.1AI score0.00293EPSS