CVE-2021-24946
Published: 2021-12-13
Priority P186 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW / EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 73.41% (99.4th percentile)
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webnus | modern_events_calendar_lite | < 6.1.5 | 6.1.5 |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests, including unauthenticated ones, to wp-admin/admin-ajax.php with the parameter action=mec_load_single_page and anomalous or SQL-payload values in the time parameter; these indicate blind time-based SQL injection attempts.
- Alert on HTTP responses with status code 200 or 500 whose body contains 'The event is finished' or 'been a critical error', in conjunction with requests to the mec_load_single_page AJAX action; these strings serve as the oracle conditions for exploitation.
- The vulnerability is exploitable by unauthenticated users; no session cookie or authentication token is required. Prioritise detections that fire on unauthenticated POST or GET requests to admin-ajax.php carrying this action.
- The injection point is the time parameter (-p time in sqlmap). Flag requests whose time parameter contains SQL metacharacters, sleep/benchmark payloads, or other SQLi patterns.
- Only Modern Events Calendar Lite versions before 6.1.5 are affected; installations running 6.1.5 or later are not.
- The exploit targets an unauthenticated AJAX endpoint, so WAF/IDS rules must not restrict detection to authenticated sessions; all traffic to this endpoint must be inspected.
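The bullets above as runnable detection logic, added here as an example and not taken from the plugin, the Nuclei template, the Metasploit module or the Exploit-DB PoC: it scans request/response records for the mec_load_single_page action with SQLi indicators in the time parameter and notes whether the response matched the 200/500 oracle strings. The record layout (HttpRecord), the sample traffic, the payloads and the indicator labels are constructed for illustration and are assumptions, not captured data.

```python
"""Detection logic for CVE-2021-24946 probe traffic (added example, not page code).

Request side: admin-ajax.php with action=mec_load_single_page and SQLi
indicators in `time`. Response side: HTTP 200/500 text/html bodies with the
oracle strings. Record layout and samples are constructed, not captured.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
AJAX_ACTION = "mec_load_single_page"
INJECTION_PARAM = "time"

# Indicator patterns for the `time` parameter; labels (assumed names) end up in findings.
SQLI_PATTERNS = [
    ("sleep_or_benchmark", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("boolean_condition", re.compile(r"\b(and|or)\b\s*[\w'\"()]+\s*(=|<|>|like\b)", re.I)),
    ("union_select", re.compile(r"\bunion\b(\s|/\*.*?\*/)+(all(\s|/\*.*?\*/)+)?select\b", re.I)),
    ("sql_comment", re.compile(r"--|#|/\*")),
    ("quote_or_semicolon", re.compile(r"['\";]")),
]

# Response-side oracle from the second bullet above.
ORACLE_STATUS = {200, 500}
ORACLE_STRINGS = ("The event is finished", "been a critical error")


@dataclass
class HttpRecord:
    """One request/response pair as a WAF or reverse proxy might log it (assumed layout)."""
    method: str
    url: str
    body: str = ""               # form body for POST requests
    status: int = 0
    content_type: str = ""
    response_body: str = ""
    authenticated: bool = False  # e.g. a valid wordpress_logged_in_* cookie was present


def request_params(rec: HttpRecord) -> Dict[str, List[str]]:
    """Merge query-string and form-body parameters; admin-ajax.php accepts either."""
    params = parse_qs(urlsplit(rec.url).query, keep_blank_values=True)
    if rec.method.upper() == "POST" and rec.body:
        for key, values in parse_qs(rec.body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return params


def sqli_indicators(value: str) -> List[str]:
    """Labels of the SQLi patterns present in one decoded parameter value."""
    return [label for label, pattern in SQLI_PATTERNS if pattern.search(value)]


def oracle_response(rec: HttpRecord) -> bool:
    """True when status, content type and body match the exploitation oracle."""
    return (rec.status in ORACLE_STATUS
            and "text/html" in rec.content_type
            and any(s in rec.response_body for s in ORACLE_STRINGS))


def classify(rec: HttpRecord) -> Optional[dict]:
    """Finding for a request that looks like a CVE-2021-24946 probe, else None.

    A payload in `time` is required: the oracle strings alone are ordinary
    plugin/WordPress output, so they are only reported alongside a probe.
    """
    if urlsplit(rec.url).path != AJAX_PATH:
        return None
    params = request_params(rec)
    if AJAX_ACTION not in params.get("action", []):
        return None
    indicators = sorted({i for v in params.get(INJECTION_PARAM, []) for i in sqli_indicators(v)})
    if not indicators:
        return None
    return {
        "action": AJAX_ACTION,
        "parameter": INJECTION_PARAM,
        "indicators": indicators,
        "oracle_response": oracle_response(rec),
        "unauthenticated": not rec.authenticated,
        "priority": "high" if not rec.authenticated else "medium",  # third bullet
    }


# Constructed sample traffic (not captured data; payloads are generic, not the PoC's).
SAMPLE_RECORDS = [
    # Ordinary front-end use with a numeric timestamp: no finding expected.
    HttpRecord("GET", "/wp-admin/admin-ajax.php?action=mec_load_single_page&time=1640995200",
               status=200, content_type="text/html; charset=UTF-8",
               response_body='<div class="mec-event">...</div>'),
    # Unauthenticated time-based probe in the POST body that got an oracle response.
    HttpRecord("POST", "/wp-admin/admin-ajax.php",
               body="action=mec_load_single_page&time=1%27+AND+SLEEP%285%29--+-",
               status=200, content_type="text/html; charset=UTF-8",
               response_body="<p>The event is finished</p>"),
    # Same payload against another action: out of scope for this rule.
    HttpRecord("POST", "/wp-admin/admin-ajax.php",
               body="action=heartbeat&time=1%27+AND+SLEEP%285%29--+-", status=200),
    # Boolean probe from a logged-in session that produced the WordPress fatal-error page.
    HttpRecord("GET", "/wp-admin/admin-ajax.php?action=mec_load_single_page&time=1+OR+1%3D1",
               status=500, content_type="text/html; charset=UTF-8",
               response_body="<p>There has been a critical error on this website.</p>",
               authenticated=True),
]


def scan(records=SAMPLE_RECORDS) -> List[dict]:
    """Findings for every record that classifies as a probe."""
    return [f for f in map(classify, records) if f]


if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

Run it directly to print the findings for the sample records. In production, feed it records from a WAF or reverse proxy that logs request bodies: a standard access log does not capture POST bodies, and the third bullet expects both POST and GET to be covered.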
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |
GHSA
GHSA-8cmg-w5hw-x6p6 · ghsa_unreviewed · 2021-12-14 · CVE-2021-24946 [CRITICAL] · CWE-89
VulnCheck
vulncheck · 2021 · CVSS 9.8 · CVE-2021-24946 [CRITICAL]
webnus modern_events_calendar_lite: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: webnus modern_events_calendar_lite
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/modern-events-calendar-lite/wordpress-modern-events-calendar-lite-plugin-6-1-0-unauthenticated-blind-sql-injection-sqli-vulnerabilit
No detection rules found.
Exploit-DB
WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
exploitdb · 2022-01-27 · CVSS 9.8 · CVE-2021-24946 [CRITICAL]
---
# Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
# Date 26.01.2022
# Exploit Author: Ron Jost (Hacker5preme)
# Vendor Homepage: https://webnus.net/modern-events-calendar/
# Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zip
# Version: <= 6.1
# Tested on: Ubuntu 20.04
# CVE: CVE-2021-24946
# CWE: CWE-89
# Documentation: https://github.com/Hacker5preme/Exploits/blob/main/Wordpress/CVE-2021-24946/README.md
'''
Description:
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter
before using it in a SQL statement in the mec_load_single_page AJAX action, available to u
Nuclei
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
nuclei · CVSS 9.8 · CVE-2021-24946 [CRITICAL]
Matchers (fragment of the template as shown on this page):
- 'status_code == 200 || status_code == 500'
- 'contains(content_type, "text/html")'
- 'contains(body, "The event is finished") || contains(body, "been a critical error")'
condition: and
# digest: 490a00463044022073a8dd6bbf4d4bc7e29d42cd310e3d8e5ee8e1ef976b8012bb0c04992d09e8d702202ce8012e7026ce0dd8ab18aaaf4db4dd1024976e462ffc6ed5b478049a388570:922c64590222798bb761d5b6d8e72950
Metasploit
WordPress Modern Events Calendar SQLi Scanner
metasploit
The Modern Events Calendar plugin contains an unauthenticated time-based SQL injection in versions before 6.1.5. The time parameter is vulnerable to injection.
Unit42
Network Security Trends: November 2021 to January 2022
blogs_unit42 · 2022-05-31 · CVSS 9.8 · [CRITICAL]
## Network Security Trends: November 2021 to January 2022
Yue Guan
Published: May 31, 2022
Tags: Threat Research, Vulnerabilities, Apache Log4j, Attack analysis, Denial of service, Exploit in Wild, Network security trends
## Executive Summary
Unit 42 researchers continually observe network attacks and search for insights that can assist defenders. Here, we summarize key trends from November 2021 to January 2022. In the following sections, we present our analysis of the most recently published vulnerabilities, including the severity distribution. We also classify vulnerabilities to provide a clear view of the prevalence of, for example, cross-site scripting or denial of service.
Cross-site scripting stood out as a commonly used technique. Among around 6,443 newly published vulnerabilities, we found that a large portion (almost 10.6%) still involve this technique. However, by evaluating around 167 million attack sessions and focusing on the latest exploits in the wild, we conclude that remote code execution
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
arXiv
SecScore: Enhancing the CVSS Threat Metric Group with Empirical Evidences
arxiv_fulltext · 2024-05-14
Miguel Santana (Banco de Portugal, Portugal); Vinicius V. Cogo (LASIGE, Informática, Faculdade de Ciências, Universidade de Lisboa, Portugal); Alan Oliveira de Sá (LASIGE, Informática, Faculdade de Ciências, Universidade de Lisboa, Portugal)
## Abstract
Background: Timely prioritising and remediating vulnerabilities are paramount in the dynamic cybersecurity field, and one of the most widely used vulnerability scoring systems (CVSS) does not address the increasing likelihood of an exploit code emerging.
Aims: We present SecScore, an innovative vulnerability severity score that enhances the CVSS Threat metric group with statistical models from empirical evidence of real-world exploit codes.
Method: SecScore adjusts the traditional
References
- http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html
- https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24946
- https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445