AI description
Automated description summarized from trusted sources.
CVE-2025-8091 is an information exposure vulnerability affecting the EventON Lite plugin for WordPress. The vulnerability exists in versions 2.4.6 and earlier. It stems from insufficient restrictions on which posts can be included when using the `add_single_eventon` and `add_eventon` shortcodes. This vulnerability allows unauthenticated attackers to extract data from password-protected, private, or draft posts that they should not have access to.
- Description
- The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-200
- Hype score
- Not currently trending