High severity8.8NVD Advisory· Published Mar 18, 2021· Updated Jun 17, 2026
CVE-2021-24149
CVE-2021-24149
Description
Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Modern Events Calendar Litedescription
- Range: <5.16.6
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/26819680-22a8-4348-b63d-dc52c0d50ed0nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.