Modern Events Calendar Lite registers a number of AJAX actions for logged-in users. Some of these actions allow low-privileged users like subscribers to manipulate settings and other stored data. When exploited in this way, the affected data can be injected with various XSS payloads.
CPE | Name | Operator | Version |
---|---|---|---|
modern-events-calendar-lite | lt | 5.1.7 |