Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc - Exploit, Third Party Advisory |
30 Aug 2022, 22:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
03 Dec 2021, 18:09
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-284 | |
References |
|
Information
Published : 2021-03-18 15:15
Updated : 2024-11-21 05:52
NVD link : CVE-2021-24146
Mitre link : CVE-2021-24146
CVE.ORG link : CVE-2021-24146
JSON object : View
Products Affected
webnus
- modern_events_calendar_lite