From 6cd5b9d35c806da0adcd254e75634e20b43d4041 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Fri, 23 Apr 2021 08:47:52 +0530
Subject: [PATCH] CVE update
---
 .../2021/CVE-2021-24146.yaml | 7 ++++---
 workflows/wordpress-workflow.yaml | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)
 rename vulnerabilities/wordpress/wp-modern-events-calendar-lite.yml => cves/2021/CVE-2021-24146.yaml (64%)
diff --git a/vulnerabilities/wordpress/wp-modern-events-calendar-lite.yml b/cves/2021/CVE-2021-24146.yaml
similarity index 64%
rename from vulnerabilities/wordpress/wp-modern-events-calendar-lite.yml
rename to cves/2021/CVE-2021-24146.yaml
index edb34941aa8..78fc6c8b483 100644
--- a/vulnerabilities/wordpress/wp-modern-events-calendar-lite.yml
+++ b/cves/2021/CVE-2021-24146.yaml
@@ -1,11 +1,12 @@
-id: wp-modern-events-calendar-lite
+id: CVE-2021-24146
 info:
 name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
+ description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
 author: random_robbie
- severity: medium
- tags: wordpress,wp-plugin
+ severity: high
 reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
+ tags: wordpress,wp-plugin
 requests:
 - method: GET
diff --git a/workflows/wordpress-workflow.yaml b/workflows/wordpress-workflow.yaml
index 4e38f131c8a..4af97c8033c 100644
--- a/workflows/wordpress-workflow.yaml
+++ b/workflows/wordpress-workflow.yaml
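Review bot: In the first hunk (cves/2021/CVE-2021-24146.yaml) the relocated template keeps `tags: wordpress,wp-plugin`, so a scan that selects templates by a `cve` tag would skip it even though it now sits under `cves/2021/` with a CVE id; if the repository tags its CVE templates the way I would expect, the line should read `tags: cve,cve2021,wordpress,wp-plugin`. The severity moves from medium to high while the only `reference` is still the WPScan entry, so adding the NVD record for CVE-2021-24146 as a second reference would let a reader verify the rating. The added description also has a typo: `to exports all events data` should be `to export all event data`. The `requests:` block continues outside the hunk, so the request path and matchers are not covered by this note.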
@@ -30,6 +30,7 @@ workflows:
 - template: cves/2020/CVE-2020-14092.yaml
 - template: cves/2020/CVE-2020-35951.yaml
 - template: cves/2020/CVE-2020-35489.yaml
+ - template: cves/2021/CVE-2021-24146.yaml
 - template: vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
 - template: vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
 - template: vulnerabilities/wordpress/wordpress-total-upkeep-backup-download.yaml
@@ -55,5 +56,4 @@ workflows:
 - template: vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml
 - template: vulnerabilities/wordpress/wp-uploads-listing.yaml
 - template: vulnerabilities/wordpress/wp-license-file.yaml
- - template: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
- - template: vulnerabilities/wordpress/wp-modern-events-calendar-lite.yaml
\ No newline at end of file
+ - template: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
\ No newline at end of file