CVE-2021-24145 – Webnus / Modern Events Calendar Lite – Unrestricted file upload

CVE-2021-24145 is an unrestricted file upload vulnerability impacting Webnus Modern Events Calendar Lite versions 5.16.2 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2021-24145 is an unrestricted file upload vulnerability impacting Webnus Modern Events Calendar Lite versions 5.16.2 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

Packet Storm exploit –
https://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html

Known Counter Measures:

The vendor addressed the vulnerability in Modern Events Calendar Lite version 5.16.5.

Links to patches(if available)

https://wordpress.org/plugins/modern-events-calendar-lite/#developers