daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CVE update

patch-1
sandeep 2021-04-23 08:47:52 +05:30
parent cc90359d26
commit 6cd5b9d35c
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
vulnerabilities/wordpress/wp-modern-events-calendar-lite.yml → cves/2021/CVE-2021-24146.yaml
View File

@ -1,11 +1,12 @@
id: wp-modern-events-calendar-lite
id: CVE-2021-24146
info:
name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
author: random_robbie
severity: medium
tags: wordpress,wp-plugin
severity: high
reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
tags: wordpress,wp-plugin
requests:
- method: GET

2
workflows/wordpress-workflow.yaml
View File

@ -30,6 +30,7 @@ workflows:
- template: cves/2020/CVE-2020-14092.yaml
- template: cves/2020/CVE-2020-35951.yaml
- template: cves/2020/CVE-2020-35489.yaml
- template: cves/2021/CVE-2021-24146.yaml
- template: vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
- template: vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
- template: vulnerabilities/wordpress/wordpress-total-upkeep-backup-download.yaml
@ -56,4 +57,3 @@ workflows:
- template: vulnerabilities/wordpress/wp-uploads-listing.yaml
- template: vulnerabilities/wordpress/wp-license-file.yaml
- template: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
- template: vulnerabilities/wordpress/wp-modern-events-calendar-lite.yaml