Vulnerabilities > CVE-2021-24146 - Missing Authorization vulnerability in Webnus Modern Events Calendar Lite

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
webnus
CWE-862
NVD
Published: 2021-03-18
Updated: 2022-08-30

Summary

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Vulnerable Configurations

Part Description Count
Application
Webnus
96

Common Weakness Enumeration (CWE)

References