Description
WordPress Plugin Events Shortcodes For The Events Calendar is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Events Shortcodes For The Events Calendar version 1.9.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0 or latest
References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
https://plugins.svn.wordpress.org/template-events-calendar/trunk/readme.txt
Related Vulnerabilities
Oracle JRE CVE-2013-5806 Vulnerability (CVE-2013-5806)
PHP Improper Input Validation Vulnerability (CVE-2014-5120)
Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1971)
Joomla CVE-2021-26031 Vulnerability (CVE-2021-26031)
Sqlite Improper Resource Shutdown or Release Vulnerability (CVE-2015-3415)