The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

Related CVEs

CVE-2025-8091

Key Information

GHSA ID

GHSA-f8wx-84f3-pjp7

Published

August 15, 2025 9:31 AM

Last Modified

August 15, 2025 9:31 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 23, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.