Modern-events-calendar_6.6.12-addons.zip [ PLUS · 2024 ]

The Modern Events Calendar plugin, specifically versions near 6.6.12, is associated with a critical file-upload vulnerability (CVE-2024-5441) that allowed attackers to execute arbitrary code and take full control of over 150,000 WordPress sites. Patched in version 7.12.0, this vulnerability resulted from a lack of file-type validation, leaving sites using older or "nulled" versions highly exposed to active exploitation. Read the full analysis at BleepingComputer . Modern Events Calendar - Vulnerability Database - Wordfence