WordPress Calendar Plugin RCE Flaw Exposes 150,000 Sites for Hacking – CybersecurityNews
A security flaw was discovered in the Modern Events Calendar, a widely used WordPress plugin with over 150,000 active installations. The vulnerability, identified as an Arbitrary File Upload flaw, allows authenticated users, such as subscribers, to upload arbitrary files to a vulnerable site, potentially leading to remote code execution (RCE).The…