Vulnerability Description
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webnus | Modern Events Calendar Lite | <= 5.1.6 |
Related Weaknesses (CWE)
References
- https://wpvulndb.com/vulnerabilities/10100ExploitThird Party Advisory
- https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-ExploitThird Party Advisory
- https://wpvulndb.com/vulnerabilities/10100ExploitThird Party Advisory
- https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-ExploitThird Party Advisory
FAQ
What is CVE-2020-9459?
CVE-2020-9459 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to ...
How severe is CVE-2020-9459?
CVE-2020-9459 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9459?
Check the references section above for vendor advisories and patch information. Affected products include: Webnus Modern Events Calendar Lite.