CVE-2021-24146

HIGH NUCLEI

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Information Disclosure via Export Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-24146. PoCs published by Ron Jost. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages an unauthenticated information disclosure vulnerability in the Modern Events Calendar Lite WordPress plugin (versions before 5.16.5) to export event data in CSV format. It sends a crafted HTTP request to the vulnerable endpoint and prints the retrieved data.

Description

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Exploits (1)

exploitdb WORKING POC

by Ron Jost · pythonwebappsphp

https://www.exploit-db.com/exploits/50084

View Code ZIP pw:eip

This exploit leverages an unauthenticated information disclosure vulnerability in the Modern Events Calendar Lite WordPress plugin (versions before 5.16.5) to export event data in CSV format. It sends a crafted HTTP request to the vulnerable endpoint and prints the retrieved data.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Modern Events Calendar Lite WordPress plugin < 5.16.5

No auth needed

Prerequisites: Target WordPress site with vulnerable plugin installed · Network access to the target

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

HIGHby random_robbie

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html

Scores

CVSS v3 7.5

EPSS 0.3104

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-284 CWE-862

Status published

Products (1)

webnus/modern_events_calendar_lite < 5.16.5

Published Mar 18, 2021

Tracked Since Feb 18, 2026