CVE-2021-24146

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-24146

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24146.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-24146

Published

2021-03-18T15:15:15.480Z

Modified

2026-03-14T08:23:53.363212Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

References

Affected packages

Git / github.com/webnuswp/modern-events-calendar-lite

Affected ranges

Type

GIT

Repo

https://github.com/webnuswp/modern-events-calendar-lite

Events

Introduced

Fixed

2cf923ae6ac8957825b179a850fc8e41fac98bc9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.16.5"
        }
    ]
}

Affected versions

4.*

4.7.7

4.8.1

4.8.2

4.8.3

4.8.5

5.*

5.0.0

5.0.1

5.0.2

5.0.5

5.1.0

5.1.5

5.1.6

5.1.7

5.1.8

5.10.0

5.10.5

5.11.0

5.11.5

5.12.0

5.12.5

5.12.6

5.13.0

5.13.1

5.13.5

5.13.6

5.14.0

5.15.0

5.15.5

5.16.0

5.16.1

5.16.2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.5

5.2.6

5.2.7

5.3.0

5.3.5

5.4.0

5.4.5

5.4.6

5.5.0

5.6.0

5.6.1

5.6.5

5.7.0

5.7.5

5.8.0

5.8.5

5.9.0

5.9.5

v4.*

v4.7.6

v4.9.0

v4.9.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24146.json"