Description
WordPress Plugin Modern Events Calendar is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin Modern Events Calendar version 7.11.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 7.12.0 or latest
References
Related Vulnerabilities
WordPress Plugin Question and Answer Forum 'title' Variable Cross-Site Scripting (1.2.4)
Oracle JRE CVE-2014-2420 Vulnerability (CVE-2014-2420)
SharePoint CVE-2025-21400 Vulnerability (CVE-2025-21400)
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)
Apache HTTP Server Improper Locking Vulnerability (CVE-2009-2699)