CVE-2023-4021

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 20, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-4021 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Modern Events Calendar lite plugin for WordPress. This issue stems from insufficient input sanitization and output escaping in versions up to 7.1.0. Attackers, with administrative privileges, can exploit this flaw by injecting arbitrary web scripts using Google API key and Calendar ID. These malicious scripts will execute whenever a user visits an injected page, posing a significant risk for multi-site installations and those with unfiltered_html disabled.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Python

Affected Vendors

Python Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sS3Cdv
https://www.cve.org/CVERecord?id=CVE-2023-4021
https://nvd.nist.gov/vuln/detail/CVE-2023-4021

Back to Vulnerability Database