Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2021-24946

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • Unknown

Products

  • Modern Events Calendar Lite

Additional Info

Technical Analysis