WordPress · Eslint-Ban-Moment · CVE-2025-57754
Name of the Vulnerable Software and Affected Versions:
eslint-ban-moment versions 3.0.0 and earlier
Description:
The eslint-ban-moment plugin exposes a sensitive Supabase URI in the .env file. A valid Supabase URI containing a username and password grants an attacker complete unauthorized access and control over the database and user data, potentially leading to data exfiltration, modification, or deletion.
Recommendations:
Update to a version later than 3.0.0.