Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions prior to 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webnus modern events calendar lite |