QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24149

Published: Mar 18, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.

Vendor	Product	Versions
Unknown	Modern Events Calendar Lite	affected `5.16.6 - < 5.16.6`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/26819680-22a8-4348-b63d-dc52c0d50ed0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.