Modern Events Calendar Lite WordPress Plugin Security Vulnerabilities | WPScan

20

May 10, 2022

100000

Published

2025-07-11

Title

Modern Events Calendar Lite < 6.4.0 - Unauthenticated SQL Injection

Fixed in

Fixed in 6.4.0

CVSS

5.9 (medium)

Published

2025-06-05

Title

Modern Events Calendar < 7.22 - Information Exposure

Fixed in

Fixed in 7.22

CVSS

5.3 (medium)

Published

2024-08-06

Title

Modern Events Calendar <= 7.12.1 - Subscriber+ Server Side Request Forgery

Fixed in

Fixed in 7.13.0

CVSS

8.5 (high)

Published

2024-07-08

Title

Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload

Fixed in

Fixed in 7.12.0

CVSS

8.8 (high)

Published

2023-09-28

Title

Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Fixed in

Fixed in 7.1.0

CVSS

4.4 (medium)

Published

2023-03-14

Title

Modern Events Calendar lite < 6.5.2 - Admin+ Stored XSS

Fixed in

Fixed in 6.5.2

CVSS

3.5 (low)

Published

2022-06-01

Title

Modern Events Calendar Lite < 6.3.0 - Authenticated Stored Cross-Site Scripting

Fixed in

Fixed in 6.3.0

CVSS

5.4 (medium)

Published

2022-04-14

Title

Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting

Fixed in

Fixed in 6.5.2

CVSS

3.4 (low)

Published

2022-03-28

Title

Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting

Fixed in

Fixed in 6.4.7

CVSS

6.1 (medium)

Published

2022-02-28

Title

Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting

Fixed in

Fixed in 6.4.0

CVSS

6.8 (medium)

Published

2021-12-03

Title

Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS

Fixed in

Fixed in 6.2.0

CVSS

5.4 (medium)

Published

2021-11-15

Title

Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

Fixed in

Fixed in 6.1.5

CVSS

8.6 (high)

Published

2021-11-15

Title

Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

Fixed in

Fixed in 6.1.5

CVSS

8.8 (high)

Published

2021-09-29

Title

Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting

Fixed in

Fixed in 5.22.3

CVSS

3.8 (low)

Published

2021-09-06

Title

Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting

Fixed in

Fixed in 5.22.2

CVSS

3.8 (low)

Published

2021-01-29

Title

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

Fixed in

Fixed in 5.16.5

CVSS

5.3 (medium)

Published

2021-01-29

Title

Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection

Fixed in

Fixed in 5.16.6

CVSS

9.1 (critical)

Published

2021-01-29

Title

Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS)

Fixed in

Fixed in 5.16.5

CVSS

5.4 (medium)

Published

2021-01-29

Title

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

Fixed in

Fixed in 5.16.5

CVSS

9.1 (critical)

Published

2020-02-27

Title

Modern Events Calendar Lite < 5.1.7 - Multiple Subscriber+ Stored XSS

Fixed in

Fixed in 5.1.7

CVSS

5.4 (medium)