PT-2025-34243 · WordPress · Eslint-Ban-Moment

Kristoferfannar

Published

2025-08-21

Updated

2025-08-22

CVE-2025-57754

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: eslint-ban-moment versions 3.0.0 and earlier

Description: The eslint-ban-moment plugin exposes a sensitive Supabase URI in the .env file. A valid Supabase URI containing a username and password grants an attacker complete unauthorized access and control over the database and user data, potentially leading to data exfiltration, modification, or deletion.

Recommendations: Update to a version later than 3.0.0.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-260

Related Identifiers

CVE-2025-57754

GHSA-2486-4CJG-PW98

Affected Products

Eslint-Ban-Moment

PT-2025-34243 · WordPress · Eslint-Ban-Moment

CVE-2025-57754

Weakness Enumeration

Related Identifiers

Affected Products

References · 9