{"vulnerability": "cve-2021-2414", "sightings": [{"uuid": "86e6b51d-d553-4e50-b131-535257266e20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24146", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24146.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "19faf131-4bdb-4fae-afdf-e39bd1fe17dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24145", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24145.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "f3794828-acdb-4bd8-b44c-3374613ee58f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24145", "type": "seen", "source": "MISP/0cf385cc-3eb1-45c2-8f80-ec6f172474ac", "content": "", "creation_timestamp": "2024-11-14T06:09:21.000000Z"}, {"uuid": "b6a2a63a-f3b5-4c95-98ac-7533b49a8e41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24145", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "db8961c8-dee8-4fc8-acf5-f29266d51490", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24145", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:35.000000Z"}, {"uuid": "f8bf35cb-0822-43da-b013-22916386a5a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24145", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb", "content": "", "creation_timestamp": "2021-07-26T15:11:59.000000Z"}, {"uuid": "f98bfc5d-2188-479d-92a0-8011e9ce4e43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24145", "type": "published-proof-of-concept", "source": "Telegram/eMoVbCeI-n-jaFKeB-W9ZjnKBEe6KGFrv-r960DcFriPRg", "content": "", "creation_timestamp": "2021-07-10T16:29:07.000000Z"}, {"uuid": "81797b20-cc7c-44cc-be2e-8df33a41d88f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24147", "type": "seen", "source": "https://t.me/arpsyndicate/35", "content": "#ExploitObserverAlert\n\nCVE-2021-24147\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-24147. Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event.\n\nFIRST-EPSS: 0.000580000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2023-11-09T15:39:01.000000Z"}, {"uuid": "d48c3b7f-7ccf-4221-82c7-b4b939a66f1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24146", "type": "published-proof-of-concept", "source": "Telegram/eMoVbCeI-n-jaFKeB-W9ZjnKBEe6KGFrv-r960DcFriPRg", "content": "", "creation_timestamp": "2021-07-10T16:29:07.000000Z"}, {"uuid": "de083790-e6b6-4020-9536-1ce6bef3d39b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24149", "type": "seen", "source": "https://t.me/cibsecurity/25107", "content": "\u203c CVE-2021-24149 \u203c\n\nUnvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T17:32:27.000000Z"}, {"uuid": "d0b0b94b-8312-4a10-9aa0-7b5ae2f309c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24143", "type": "seen", "source": "https://t.me/cibsecurity/25112", "content": "\u203c CVE-2021-24143 \u203c\n\nUnvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T17:32:35.000000Z"}, {"uuid": "3a9f0f6b-1800-41ad-b698-600de68c7a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24146", "type": "seen", "source": "https://t.me/cibsecurity/25110", "content": "\u203c CVE-2021-24146 \u203c\n\nLack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T17:32:30.000000Z"}, {"uuid": "d37036c4-6f0d-49ab-80cd-51db7ece4562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24140", "type": "seen", "source": "https://t.me/cibsecurity/25097", "content": "\u203c CVE-2021-24140 \u203c\n\nUnvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T17:32:12.000000Z"}, {"uuid": "b7c6af45-bc0e-47db-9dec-7354a89d10d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24142", "type": "seen", "source": "https://t.me/cibsecurity/25096", "content": "\u203c CVE-2021-24142 \u203c\n\nUnvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its \"Redirect From\" column when importing a CSV file, allowing high privilege users to perform SQL injections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T17:32:11.000000Z"}, {"uuid": "7ed54d8f-a3ea-4102-b6f8-18a388bc1e83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24145", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/738", "content": "CVE-2021-24145 Wordpress Plugin Modern Events Calendar 5.16.2  \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-24145_Wordpress_Plugin_Modern_Events_Calendar_5.16.2_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:42:19.000000Z"}]}