CVE-2020-9459
Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
MĂșltiples vulnerabilidades de tipo Cross-site scripting (XSS) Almacenado en el plugin Webnus Modern Events Calendar Lite versiones hasta 5.1.6 para WordPress, permite a usuarios autentificados remotos (con permisos mĂnimos) inyectar JavaScript, HTML o CSS arbitrario por medio de acciones de Ajax. Esto afecta a mec_save_notifications y import_settings.
*Credits:
Ram,Sean Murphy,Matt Rusnak
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-02-27 CVE Published
- 2020-02-28 CVE Reserved
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpvulndb.com/vulnerabilities/10100 | 2024-08-04 | |
| https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Webnus Search vendor "Webnus" | Modern Events Calendar Lite Search vendor "Webnus" for product "Modern Events Calendar Lite" | <= 5.1.6 Search vendor "Webnus" for product "Modern Events Calendar Lite" and version " <= 5.1.6" | wordpress |
Affected
| ||||||