CVE-2021-24146

Опубликовано: 18 мар. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Ссылки

http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:wordpress:*:*

Версия до 5.16.5 (исключая)

EPSS

Процентиль: 98%

0.59314

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

CWE-862

Связанные уязвимости

GHSA-2qh8-fp5p-2xx2