Modern Events Calendar Lite Full Path Disclosure Vulnerability

Vulnerability

A full path disclosure vulnerability has been identified in the Modern Events Calendar Lite plugin for WordPress, affecting all versions through 7.21.9. The issue arises from inadequate validation of the 'id' property during calendar exports, allowing unauthenticated attackers to access the complete file path of the web application. While this information could facilitate further attacks, it is not harmful on its own and requires the presence of another vulnerability to cause damage to the affected website.

Impact

Exploitation of this vulnerability could lead to information exposure, allowing attackers to obtain the full file path of the web application, which could be used to facilitate other attacks.

Remediation

Users are advised to update the Modern Events Calendar Lite plugin to version 7.22 or a newer patched version.
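A version check for the remediation above, as an added example (not code from this advisory or from the plugin): it reads the standard WordPress plugin header from a plugin's main PHP file and flags installs older than 7.22. The sample header is constructed and the function names are hypothetical.

```python
import re

PLUGIN_NAME = "Modern Events Calendar Lite"  # plugin name as given in the advisory
FIXED_VERSION = "7.22"                       # first patched release per the advisory

def parse_plugin_header(php_source):
    """Collect 'Key: value' header fields; WordPress only reads the first 8 KiB."""
    fields = {}
    for line in php_source[:8192].splitlines():
        m = re.match(r"^[\s*/#@]*([A-Za-z ]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            # Keep the first occurrence so later comment text cannot override it.
            fields.setdefault(m.group(1).strip().lower(), m.group(2))
    return fields

def version_tuple(version, width=4):
    """'7.21.9' -> (7, 21, 9, 0); zero-padded so 7.22 and 7.22.0 compare equal."""
    nums = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(nums + [0] * (width - len(nums)))

def is_affected(php_source):
    """True/False for this plugin; None for another plugin or a missing version."""
    header = parse_plugin_header(php_source)
    if header.get("plugin name") != PLUGIN_NAME or "version" not in header:
        return None
    return version_tuple(header["version"]) < version_tuple(FIXED_VERSION)

# Constructed sample of a plugin main-file header (not copied from the plugin).
SAMPLE = """<?php
/**
 * Plugin Name: Modern Events Calendar Lite
 * Version: 7.21.9
 */
"""

if __name__ == "__main__":
    print("affected" if is_affected(SAMPLE) else "not affected or not this plugin")
```

Numeric comparison matters here: a plain string comparison would rank a release such as 7.9 above 7.22 and report it as patched.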

Added: Jun 6, 2025, 4:17 AM
Updated: Jun 6, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 0.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.