Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.6
CVE-2024-6522
- EPSS 0.55%
- Published 07.08.2024 11:15:45
- Last modified 01.03.2025 01:20:09
The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level ...
8.8
CVE-2024-5441
- EPSS 13.8%
- Published 09.07.2024 06:15:02
- Last modified 21.11.2024 09:47:41
The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated atta...
1