CVE-2021-24145

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-24145

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24145.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-24145

Published

2021-03-18T15:15:15.400Z

Modified

2026-04-02T06:47:46.736293Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.

References

Affected packages

Git / github.com/webnuswp/modern-events-calendar-lite

Affected ranges

Type

GIT

Repo

https://github.com/webnuswp/modern-events-calendar-lite

Events

Introduced

Fixed

2cf923ae6ac8957825b179a850fc8e41fac98bc9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.16.5"
        }
    ]
}

Affected versions

4.*

4.7.7

4.8.1

4.8.2

4.8.3

4.8.5

5.*

5.0.0

5.0.1

5.0.2

5.0.5

5.1.0

5.1.5

5.1.6

5.1.7

5.1.8

5.10.0

5.10.5

5.11.0

5.11.5

5.12.0

5.12.5

5.12.6

5.13.0

5.13.1

5.13.5

5.13.6

5.14.0

5.15.0

5.15.5

5.16.0

5.16.1

5.16.2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.5

5.2.6

5.2.7

5.3.0

5.3.5

5.4.0

5.4.5

5.4.6

5.5.0

5.6.0

5.6.1

5.6.5

5.7.0

5.7.5

5.8.0

5.8.5

5.9.0

5.9.5

v4.*

v4.7.6

v4.9.0

v4.9.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24145.json"