Modern Events Calendar Lite Security Vulnerabilities and Issues — Modern Events Calendar Lite CVE List

Lucene search

WebnusModern Events Calendar Lite

4 matches found

CVE•added 2022/04/14 9:15 p.m.•87 views

CVE-2022-27848

Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin)

4.8CVSS4.3AI score0.00319EPSS

CVE•added 2023/10/20 8:15 a.m.•72 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin...

4.8CVSS4.9AI score0.00156EPSS

CVE•added 2023/03/27 4:15 p.m.•45 views

CVE-2023-1400

The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...

4.8CVSS4.9AI score0.00107EPSS

CVE•added 2021/10/04 12:15 p.m.•38 views

CVE-2021-24687

The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8CVSS4.7AI score0.00206EPSS