Lucene search

[email protected]CVE-2021-24146

HistoryMar 18, 2021 - 3:15 p.m.

CVE-2021-24146

2021-03-1815:15:15

CWE-284

CWE-862

[email protected]

web.nvd.nist.gov

cve-2021-24146

modern events calendar

wordpress plugin

authorization checks

unauthenticated access

data export

csv

xml

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.024 Low

EPSS

Percentile

90.1%

JSON

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Affected configurations

Vulners

NVD

Node

webnusmodern_events_calendar_liteRange<5.16.5

VendorProductVersionCPE
webnusmodern_events_calendar_lite*cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
webnus	modern_events_calendar_lite	*	cpe:2.3:a:webnus:modern_events_calendar_lite::::::::

CNA Affected

[
  {
    "product": "Modern Events Calendar Lite",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.16.5",
        "status": "affected",
        "version": "5.16.5",
        "versionType": "custom"
      }
    ]
  }
]