Modern Events Calendar Vulnerability / Update

Looks like the bundled ME Calendar plugin has a critical exploit https://patchstack.com/database/vulnerability/modern-events-calendar/wordpress-modern-events-calendar-plugin-7-11-0-authenticated-arbitrary-file-upload-vulnerability?_a_id=350. I can see the update in my plugins list but it does not process.

Update: Oddly enough, deactivating and removing the plugin and the re-installing did allow me to update it to 7.10.0. Though the current patch needs to be 7.12.0+

Thanks Josh,

I raised some other vulnerabilities earlier, but can’t remember if MEC was one of them

We updated MEC sometime today. Have a great day.

1 Like

Hi @charlie

I am still getting this message for MEC
An error occurred while updating Modern Events Calendar: Update package not available.

We need to reach out to MEC about this. Currently I think you have to deactivate and delete the plugin and then when you install it from our extension manager it’ll be the latest version.

1 Like