The Nimble Nerd white logo

Update Now: Major Vulnerability in Modern Events Calendar Plugin Puts 150,000 WordPress Sites at Risk

If your WordPress site uses the Modern Events Calendar plugin, update it ASAP! A high-severity vulnerability (CVE-2024-5441) could let hackers take over your site. Researchers report active exploitation of this flaw, so don’t wait—upgrade to version 7.12.0 now!

Published: July 10, 2024 10:53 amAdded: July 10, 2024 at 4:01 amAssembled by: The Editor

Hot Take:

Attention, WordPress owners! Time to update that Modern Events Calendar plugin before your website turns into a hacker’s playground. Because who doesn’t love an uninvited PHP party?

Key Points:

  • High-severity vulnerability found in Modern Events Calendar plugin on WordPress.
  • Bug tracked as CVE-2024-5441 with a severity score of 8.8.
  • Flaw allows malicious PHP files to be uploaded via the ‘set_featured_image’ function.
  • Vulnerability affects versions up to 7.11.0; update to 7.12.0 or later.
  • Over 150,000 websites using the plugin are at risk of full takeover.

Membership Required

 You must be a member to access this content.

View Membership Levels