CVE-2021-24145 – Webnus / Modern Events Calendar Lite – Unrestricted file upload
CVE-2021-24145 is an unrestricted file upload vulnerability impacting Webnus Modern Events Calendar Lite versions 5.16.2 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.
Summary:
CVE-2021-24145 is an unrestricted file upload vulnerability impacting Webnus Modern Events Calendar Lite versions 5.16.2 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.
PoC Links(if available):
Packet Storm exploit –
https://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html
Known Counter Measures:
The vendor addressed the vulnerability in Modern Events Calendar Lite version 5.16.5.
Links to patches(if available)
https://wordpress.org/plugins/modern-events-calendar-lite/#developers
