WordPress Plugin Vulnerabilities

Modern Events Calendar Lite

2022-06-01

Modern Events Calendar Lite < 6.3.0 - Authenticated Stored Cross-Site Scripting

Fixed in version 6.3.0

2022-04-14

Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting

Fixed in version 6.5.2

2022-03-28

Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting

Fixed in version 6.4.7

2022-02-28

Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting

Fixed in version 6.4.0

2021-12-03

Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS

Fixed in version 6.2.0

2021-11-15

Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

Fixed in version 6.1.5

2021-11-15

Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

Fixed in version 6.1.5

2021-09-29

Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting

Fixed in version 5.22.3

2021-09-06

Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting

Fixed in version 5.22.2

2021-01-29

Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS)

Fixed in version 5.16.5

2021-01-29

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

Fixed in version 5.16.5

2021-01-29

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

Fixed in version 5.16.5

2021-01-29

Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection

Fixed in version 5.16.6

2020-02-27

Modern Events Calendar Lite < 5.1.7 - Multiple Subscriber+ Stored XSS

Fixed in version 5.1.7