The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24946 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24946 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24946 - Exploit, Third Party Advisory | |
References | () https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445 - Exploit, Third Party Advisory |
04 Feb 2022, 15:48
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24946 - Exploit, Third Party Advisory |
31 Jan 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jan 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Dec 2021, 15:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-89 | |
CPE | cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445 - Exploit, Third Party Advisory |
13 Dec 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-13 11:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-24946
Mitre link : CVE-2021-24946
CVE.ORG link : CVE-2021-24946
JSON object : View
Products Affected
webnus
- modern_events_calendar_lite
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')