Modern Events Calendar Vulnerability / Update

Looks like the bundled ME Calendar plugin has a critical exploit https://patchstack.com/database/vulnerability/modern-events-calendar/wordpress-modern-events-calendar-plugin-7-11-0-authenticated-arbitrary-file-upload-vulnerability?_a_id=350. I can see the update in my plugins list but it does not process.

Update: Oddly enough, deactivating and removing the plugin and the re-installing did allow me to update it to 7.10.0. Though the current patch needs to be 7.12.0+

Thanks Josh,

I raised some other vulnerabilities earlier, but can’t remember if MEC was one of them

We updated MEC sometime today. Have a great day.

1 Like

Hi @charlie

I am still getting this message for MEC
An error occurred while updating Modern Events Calendar: Update package not available.

We need to reach out to MEC about this. Currently I think you have to deactivate and delete the plugin and then when you install it from our extension manager it’ll be the latest version.

1 Like

Hi, it´s still only V 7.12. available…when do we have an updated version?

kind regards,
cy.

I sent a request to update the version. Unfortunately the developers did not got back to us on this update issue we are experiencing. So you’ll need to deactivate and possibly delete the old version before you update when we send it out. Have a great weekend.