CVE-2021-24146

HIGH NUCLEI

Webnus Modern Events Calendar Lite < 5.16.5 - Improper Access Control

Title source: rule

Description

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Exploits (1)

exploitdb WORKING POC

by Ron Jost · pythonwebappsphp

https://www.exploit-db.com/exploits/50084

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

HIGHby random_robbie

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc

Scores

CVSS v3 7.5

EPSS 0.7539

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-284 CWE-862

Status published

Products (1)

webnus/modern_events_calendar_lite < 5.16.5

Published Mar 18, 2021

Tracked Since Feb 18, 2026