Description
WordPress Plugin Modern Events Calendar Lite is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin's settings. WordPress Plugin Modern Events Calendar Lite version 5.1.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.1.8 or latest
References
Related Vulnerabilities
MySQL CVE-2012-0496 Vulnerability (CVE-2012-0496)
WordPress Plugin Events Manager Pro CSV Injection (2.6.7.1)
Oracle JRE CVE-2013-5806 Vulnerability (CVE-2013-5806)
WordPress Plugin Video Player for YouTube Cross-Site Scripting (1.3)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2354)