CVE-2025-8091 — Sensitive Information Exposure in Eventon Events Calendar

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 76.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ashanjay Eventon Events Calendar

Timeline

PublishedAug 15

Description

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5ashanjay/eventon_events_calendar2.4.7

🔴Vulnerability Details

GHSA

GHSA-f8wx-84f3-pjp7: The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2↗2025-08-15

▶

CVEList

EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure↗2025-08-15

▶