QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24925

Published: Dec 13, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

Vendor	Product	Versions
Unknown	Modern Events Calendar Lite	affected `6.1.5 - < 6.1.5`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/82233588-6033-462d-b886-a8ef5ee9adb0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.