Vulnerability Description
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/includes/calendar/
- https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/includes/class-eve
- https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/includes/class-evo
- https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/includes/class-evo
- https://plugins.trac.wordpress.org/changeset/3345262
- https://wordpress.org/plugins/eventon-lite/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/421fcee2-a05d-4486-837
FAQ
What is CVE-2025-8091?
CVE-2025-8091 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient rest...
How severe is CVE-2025-8091?
CVE-2025-8091 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8091?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.