What is CVE-2021-24146?

CVE-2021-24146 is a vulnerability in Modern Events Calendar Lite, classified under Improper Access Control. Published 2021-03-18.

Is CVE-2021-24146 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Modern Events Calendar Lite

CVE-2021-24146

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format…

EPSS: 0.765 (99.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Modern Events Calendar Lite — versions 5.16.5

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

References

wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc (x_refsource_MISC)
packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-In… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24146?: CVE-2021-24146 is a vulnerability in Modern Events Calendar Lite, classified under Improper Access Control. Published 2021-03-18.
Is CVE-2021-24146 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.