vulnerability

WordPress Plugin: modern-events-calendar-lite: CVE-2021-24146: Improper Access Control

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Jan 29, 2021
Added
May 15, 2025
Modified
May 15, 2025

Description

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Solution

modern-events-calendar-lite-plugin-cve-2021-24146
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.