admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2021-24146

Browse Source
This commit is contained in:
xiaoheihei1107 2021-08-25 17:49:41 +08:00 committed by GitHub
parent e6fb4cc994
commit bfb42f35ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
WordPress/CVE-2021-24146/README.md Normal file
View File

@ -0,0 +1,9 @@
# WordPress Modern Events Calendar Lite file export (CVE-2021-24146)
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
FOFA **query rule**: [app="wordpress"](https://fofa.so/result?qbase64=YXBwPSJ3b3JkcHJlc3Mi)
# Demo
![WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146](WordPress_Modern_Events_Calendar_Lite_file_export_CVE_2021_24146.gif)