Vulnerability In A WordPress Calendar Plugin Actively Exploited
WordPress admins running the Modern Events Calendar plugin on their websites must act quickly to update their sites with the latest plugin release. Hackers have begun exploiting a critical vulnerability in the Calendar plugin to target WordPress sites.
Modern Events Calendar Plugin Vulnerability Puts 150K Sites at Risk
Wordfence, a WordPress security service, recently disclosed a significant security vulnerability in the Modern Events Calendar plugin.
According to their report, the vulnerability in the plugin allowed for arbitrary file uploads. This was due to a lack of file type validation in the plugin's set_featured_image function. An attacker could leverage this vulnerability to upload malicious image files or .php files to the server, potentially leading to remote code execution.
Although exploiting the vulnerability required authenticated access, unauthenticated attacks could also be possible on sites that allow unauthenticated event submissions. In the worst-case scenarios, the vulnerability could enable a complete takeover of a website through webshells or similar techniques.
The vulnerability has been assigned the CVE ID CVE-2024-5441, with a high severity rating and a CVSS score of 8.8. Wordfence has provided a detailed technical analysis of the flaw in their report.
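The report above attributes the flaw to a missing file type check in the plugin's featured-image handler. The following is an added example, not the plugin's code and not taken from the Wordfence report: it contrasts the generic weak pattern (trusting the client-supplied filename) with a handler that validates the extension against an allowlist, sniffs the actual bytes, confirms the file parses as an image, and stores it under a server-generated name. All function and variable names here (store_upload_unsafely, validate_image_upload, safe_destination_name, the $allowed map) are hypothetical; inside WordPress itself the equivalent checks are wp_check_filetype_and_ext() and get_allowed_mime_types(), and the capability test would be current_user_can('upload_files').

```php
<?php
declare(strict_types=1);

// Added example (hypothetical code, not the Modern Events Calendar plugin's).

// The weak pattern: the client-controlled name decides both the extension and
// the destination path, so "shell.php" lands in a web-served directory as-is.
function store_upload_unsafely(string $tmp_path, string $client_name, string $upload_dir): string {
    $dest = rtrim($upload_dir, '/') . '/' . $client_name;
    rename($tmp_path, $dest);   // move_uploaded_file() in a real request handler
    return $dest;
}

// Hardened check: extension allowlist, magic-byte sniffing, and an image parse.
// Each layer catches something the others miss (renamed files, polyglots,
// truncated or fake images), so all three must pass.
function validate_image_upload(string $tmp_path, string $client_name): bool {
    // Constructed allowlist mapping extension -> the MIME type finfo must report.
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'webp' => 'image/webp',
    ];

    // Only the final extension counts; "image.php.jpg" is judged as "jpg" and
    // then has to survive the content checks below.
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false;
    }

    // Sniff the bytes on disk; the client-supplied name plays no part here.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($tmp_path);
    if ($detected !== $allowed[$ext]) {
        return false;
    }

    // Finally require that the image decoder can read a header from it.
    return @getimagesize($tmp_path) !== false;
}

// Never reuse the client-supplied name: a random name with the validated
// extension removes path tricks and name collisions at once.
function safe_destination_name(string $client_name): string {
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Stand-alone demonstration on two constructed files.
if (PHP_SAPI === 'cli') {
    // Constructed 1x1 PNG (valid signature, IHDR, IDAT, IEND).
    $png = base64_decode(
        'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
    );
    $real = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($real, $png);

    // Constructed text file wearing an image extension.
    $fake = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($fake, "<?php echo 'not an image';\n");

    printf("real PNG as photo.png  -> %s\n", validate_image_upload($real, 'photo.png') ? 'accepted' : 'rejected');
    printf("text file as photo.png -> %s\n", validate_image_upload($fake, 'photo.png') ? 'accepted' : 'rejected');
    printf("real PNG as photo.php  -> %s\n", validate_image_upload($real, 'photo.php') ? 'accepted' : 'rejected');
    printf("stored name would be   -> %s\n", safe_destination_name('photo.png'));

    unlink($real);
    unlink($fake);
}
```

Run with `php upload_check.php`; the first case is accepted and the other two are rejected. The point of the three layers is that extension checks alone are defeated by renaming, and content sniffing alone does not stop a valid image from being saved under a server-executable extension, which is why the destination name is generated rather than copied from the request.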
Update Your Sites Immediately as Hackers Exploit the Vulnerability
The vulnerability was initially discovered by security researcher Friderika Baranyai (also known as Foxyyy), who reported it through Wordfence’s bug bounty program. Following the report, Wordfence worked with the plugin developers to address the vulnerability in plugin version 7.11.0.
Subsequently, the developers, Webnus, released a patch in Modern Events Calendar version 7.12.0. Additionally, the researcher received a $3,094 bounty for the bug report.
Despite the patch being available, Wordfence has observed active exploitation attempts targeting this vulnerability. With over 150,000 active installations of the plugin, numerous websites are at risk. It is crucial for users to update their sites with the latest plugin release to mitigate potential threats.
We welcome your thoughts and feedback in the comments section.