CVE-2021-24146
N/A
N/A
Summary
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Modern Events Calendar Lite | 5.16.5 < 5.16.5 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
- http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
References
- https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
- http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.