Vulnerability identifier: #VU66954

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2021-24145

CWE-ID: CWE-434

Exploitation vector: Network

Exploits in database: 3

• September 3, 2022
  • Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated) [Exploit-DB]
  • Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution [Metasploit]
  • CVE-2021-24145 (WordPress File Upload Vulnerability, Modern Events Calendar Lite WordPress plugin before 5.16.5) [Github]

Impact: Code execution

Vulnerable software:
Modern Events Calendar Lite
Web applications / Modules and components for CMS

Vendor: Webnus Team