CVE-2021-24147

Name of the Vulnerable Software and Affected Versions: Modern Events Calendar Lite WordPress plugin versions prior to 5.16.5

Description: The issue is related to unvalidated input and lack of output encoding in the plugin. Specifically, the mic comment field, also known as 'Notes on time', is not properly sanitised when adding or editing an event. This allows users with privileges as low as author to add events containing a Cross-Site Scripting payload, which is triggered when viewing the event in the frontend.

Recommendations: For versions prior to 5.16.5, update to version 5.16.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the event editing feature to higher-privileged users until the update is applied. Additionally, avoid using the mic comment field in events until the issue is resolved.