Medium severity4.8NVD Advisory· Published Oct 4, 2021· Updated Jun 17, 2026
CVE-2021-24687
CVE-2021-24687
Description
The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Modern Events Calendar Lite plugindescription
- Range: <5.22.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/300ba418-63ed-4c03-9031-263742ed522envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.