From bfb42f35ecf66bea73e8d3c6d1300e68ff78cf6e Mon Sep 17 00:00:00 2001
From: xiaoheihei1107 <62200676+xiaoheihei1107@users.noreply.github.com>
Date: Wed, 25 Aug 2021 17:49:41 +0800
Subject: [PATCH] Add CVE-2021-24146

---
 WordPress/CVE-2021-24146/README.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 WordPress/CVE-2021-24146/README.md

diff --git a/WordPress/CVE-2021-24146/README.md b/WordPress/CVE-2021-24146/README.md
new file mode 100644
index 0000000..7808fb3
--- /dev/null
+++ b/WordPress/CVE-2021-24146/README.md
@@ -0,0 +1,9 @@
+# WordPress Modern Events Calendar Lite file export (CVE-2021-24146)
+
+Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
+
+FOFA **query rule**: [app="wordpress"](https://fofa.so/result?qbase64=YXBwPSJ3b3JkcHJlc3Mi)
+
+# Demo
+
+![WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146](WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146.gif)