Vulnerabilities > Webnus > Modern Events Calendar Lite > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-5441 | Unrestricted Upload of File with Dangerous Type vulnerability in Webnus Modern Events Calendar The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. | 8.8 |
| 2021-12-13 | CVE-2021-24946 | SQL Injection vulnerability in Webnus Modern Events Calendar Lite The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue | 7.5 |