VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 18, 2021· Updated Aug 3, 2024

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

CVE-2021-24146

Description

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated users can export all events data in CSV/XML from Modern Events Calendar Lite before 5.16.5 due to missing authorization checks.

Vulnerability

The Modern Events Calendar Lite WordPress plugin versions before 5.16.5 lack proper authorization checks on the export functionality. This allows any unauthenticated user to access export files and retrieve all events data in CSV or XML format [1].

Exploitation

An attacker can exploit this by directly requesting the export endpoints without any authentication or user interaction. No special privileges or network position is required; the attacker simply needs to know or guess the export URL [1].

Impact

Successful exploitation results in the disclosure of all events data, which may include sensitive information such as event details, attendee lists, or other private data. The impact is limited to information disclosure (confidentiality breach) with no direct effect on integrity or availability [1].

Mitigation

The vulnerability is fixed in version 5.16.5 of the plugin. Users should update to this version or later. No workaround is available for earlier versions [1].

References
  1. Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.