.. / CVE-2021-24146

Exploit for WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure (CVE-2021-24146)

Description:

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.

Nuclei Template

View the template here CVE-2021-24146.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24146.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://github.com/Hacker5preme/Exploits
http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
https://nvd.nist.gov/vuln/detail/CVE-2021-24146
https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc

.. / CVE-2021-24146 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure (CVE-2021-24146)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24146