High severity7.2NVD Advisory· Published Mar 18, 2021· Updated Jun 17, 2026
CVE-2021-24145
CVE-2021-24145
Description
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Modern Events Calendar Litedescription
- Range: <5.16.5
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.htmlnvdExploitThird Party AdvisoryVDB Entry
- packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.