Information Exposure Vulnerability in EventON Lite Plugin for WordPress
CVE-2025-8091
What is CVE-2025-8091?
CVE-2025-8091 is an information exposure vulnerability in the EventON Lite plugin for WordPress, a widely used tool for managing and displaying events on websites. It affects all versions up to and including 2.4.6 and is reachable through the add_single_eventon and add_eventon shortcodes. Because these shortcodes apply insufficient access controls, an unauthenticated attacker can potentially extract sensitive data from posts that are supposed to be restricted, including password-protected, private, or draft posts. Organizations relying on this plugin for event management therefore risk disclosing confidential information to unauthorized individuals.
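The kind of visibility check a shortcode handler needs before it renders a post, shown as an added example: this is not EventON Lite's code. The shortcode name `example_single_event`, its `id` attribute, the post type `example_event` and both function names are assumptions made for illustration.

```php
<?php
// Added example: a hypothetical shortcode, not the plugin's own handler.
// Assumption: the shortcode takes an `id` attribute naming the post to render.

// Decide whether the current visitor may see the post at all.
function example_can_view_post( $post_id ) {
    $post = get_post( $post_id );

    // Only render the post type this shortcode is meant for (hypothetical type).
    if ( ! $post || 'example_event' !== $post->post_type ) {
        return false;
    }

    // Published posts are public unless a password prompt is still pending.
    if ( 'publish' === $post->post_status ) {
        return ! post_password_required( $post );
    }

    // Draft, pending, private, future, trash: require a logged-in user
    // whose capabilities allow reading this specific post.
    return is_user_logged_in() && current_user_can( 'read_post', $post->ID );
}

function example_single_event_shortcode( $atts ) {
    $atts    = shortcode_atts( array( 'id' => 0 ), $atts, 'example_single_event' );
    $post_id = absint( $atts['id'] );

    // Return the same empty output for "missing" and "not allowed",
    // so the response does not confirm that a restricted post exists.
    if ( ! $post_id || ! example_can_view_post( $post_id ) ) {
        return '';
    }

    $post = get_post( $post_id );

    return sprintf(
        '<div class="example-event"><h3>%s</h3>%s</div>',
        esc_html( get_the_title( $post ) ),
        wp_kses_post( wpautop( $post->post_content ) )
    );
}
add_shortcode( 'example_single_event', 'example_single_event_shortcode' );
```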
Potential impact of CVE-2025-8091
- Data Breach Risks: The exposure of sensitive information such as private event details, user data, or internal communications poses a significant risk to organizations, possibly leading to data breaches and compliance violations.
- Reputation Damage: An organization suffering from information leaks due to this vulnerability may face reputational harm, eroding trust among customers, partners, and stakeholders.
- Increased Attack Surface: By allowing unauthorized access to restricted content, the vulnerability may lead attackers to exploit further weaknesses within the organization's infrastructure, potentially escalating into more severe attacks.
Affected Version(s)
EventON – Events Calendar * <= 2.4.6