CVE-2021-24687

CVE-2021-24687: Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Modern Events Calendar Lite

Weakness CWE-79 · XSS

Published October 4, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

October 4, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24687

Related vulnerabilities

04Related CVE

CVE-2019-1733 Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability CVE-2026-40593 ChurchCRM: Stored XSS in UserEditor.php via Login Name Field CVE-2024-30441 WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-2435 Stored XSS in Timeline View CVE-2025-29790 Contao allows cross-site scripting through SVG uploads