CVE-2021-24946-Exploit
Wordpress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
CVE description:
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.
ExploitDB:
Exploit Description:
- Vendor Homepage: https://webnus.net/modern-events-calendar/
- Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zip
- Version: Up to 6.1
- Tested on Ubuntu 20.04


