Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-03-18T14:57:50

Updated: 2024-08-03T19:21:18.297Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24146

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-18T15:15:15.480

Modified: 2024-11-21T05:52:27.863

Link: CVE-2021-24146

cve-icon Redhat

No data.