Modern Events Calendar Lite Security Vulnerabilities and Issues — Modern Events Calendar Lite CVE List

Lucene search

WebnusModern Events Calendar Lite

8 matches found

CVE•added 2020/02/28 9:15 p.m.•144 views

CVE-2020-9459

Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and...

5.4CVSS5.4AI score0.00185EPSS

CVE•added 2022/03/21 7:15 p.m.•90 views

CVE-2022-0364

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

5.4CVSS5.2AI score0.01598EPSS

CVE•added 2022/06/16 2:15 a.m.•80 views

CVE-2022-30533

Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.

5.4CVSS5.1AI score0.0017EPSS

CVE•added 2025/06/06 4:16 a.m.•40 views

CVE-2025-5733

The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the ...

5.3CVSS6.6AI score0.00028EPSS

CVE•added 2021/11/01 9:15 a.m.•39 views

CVE-2021-24716

The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin.

5.4CVSS5.4AI score0.0018EPSS

CVE•added 2021/03/18 3:15 p.m.•36 views

CVE-2021-24147

Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting pa...

5.4CVSS5.3AI score0.00266EPSS

CVE•added 2022/01/17 1:15 p.m.•36 views

CVE-2021-25046

The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.

5.4CVSS5.3AI score0.0018EPSS

CVE•added 2025/07/12 12:15 p.m.•6 views

CVE-2021-4458

The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on ...

5.9CVSS7.2AI score0.00084EPSS