Browse all 3 CVE security advisories affecting webnus/. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Webnus develops WordPress themes and plugins primarily for website building and e-commerce solutions. Historically, their products have been susceptible to multiple vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from insufficient input validation and improper access controls. The three recorded CVEs highlight these recurring security gaps, with one incident allowing unauthenticated attackers to execute arbitrary code due to a flaw in a theme's file upload mechanism. While no major breaches have been widely documented, the consistent pattern of vulnerabilities suggests a need for more rigorous security testing and input sanitization practices across their product line.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-4458 | Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection — Modern Events Calendar LiteCWE-89 | 5.9 | Medium | 2025-07-12 |
| CVE-2025-5733 | Modern Events Calendar <= 7.21.9 - Information Exposure — Modern Events Calendar LiteCWE-201 | 5.3 | Medium | 2025-06-06 |
| CVE-2023-4021 | Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting — Modern Events Calendar LiteCWE-79 | 4.4 | Medium | 2023-10-20 |
This page lists every published CVE security advisory associated with webnus/. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.