WordPress · Eventon Lite · CVE-2025-8091
Name of the Vulnerable Software and Affected Versions:
EventON Lite versions prior to 2.4.7
Description:
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in versions prior to 2.4.7 via the `add single eventon` and `add eventon` shortcodes. Insufficient restrictions on post inclusion allow unauthenticated attackers to extract data from password-protected, private, or draft posts without authorization.
Recommendations:
Update EventON Lite to version 2.4.7 or later.