Modern Events Calendar Lite Security Vulnerabilities and Issues — Modern Events Calendar Lite CVE List

Lucene search

WebnusModern Events Calendar Lite

3 matches found

CVE•added 2021/12/13 11:15 a.m.•96 views

CVE-2021-24946

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue

9.8CVSS9.8AI score0.6014EPSS

Web

CVE•added 2024/08/07 11:15 a.m.•40 views

CVE-2024-6522

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitra...

9.6CVSS8.2AI score0.00307EPSS

CVE•added 2025/07/12 12:15 p.m.•7 views

CVE-2021-4458

The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on ...

9.8CVSS7.2AI score0.00068EPSS