RCE Flaw in WordPress Calendar Plugin Puts 150,000 Sites at Risk

Threat Level – Red | Vulnerability Report
Download PDF

A security flaw, CVE-2024-5441, has been discovered in the Modern Events Calendar, a widely used WordPress plugin with over 150,000 active installations. Developed by Webnus, this plugin is designed to organize and manage in-person, virtual, or hybrid events. The vulnerability allows attackers to upload arbitrary files to a vulnerable site and execute code remotely, posing a significant risk to the security of the affected websites.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox