CVE-2021-25046

CVE-2021-25046: Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS

Vendor Unknown
Product Modern Events Calendar Lite
Weakness CWE-79 · XSS
Published January 17, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.

Key dates

02Disclosure timeline

January 17, 2022 CVE published
August 3, 2024 Record updated