Enhancement: cves/2021/CVE-2021-24146.yaml by mp

2022-06-22 13:18:03 -04:00 · 2022-06-22 13:18:03 -04:00 · eeb59a3257
parent a459e577c3
commit eeb59a3257
1 changed files with 5 additions and 2 deletions
--- a/cves/2021/CVE-2021-24146.yaml
+++ b/cves/2021/CVE-2021-24146.yaml
@ -1,13 +1,14 @@
 id: CVE-2021-24146

 info:
-  name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
+  name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
  author: random_robbie
  severity: high
-  description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
+  description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.
  reference:
    - https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
    - http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24146
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
    cvss-score: 7.5
@ -32,3 +33,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/06/22