Limited Black Friday Offer:

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection CVE-2021-24946 Scanner

WordPress Modern Events Calendar <6.1.5 allows Blind SQL Injection vulnerability.

Short Info

Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection CVE-2021-24946 Scanner Detail

WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445
https://wordpress.org/plugins/modern-events-calendar-lite/
https://nvd.nist.gov/vuln/detail/CVE-2021-24946