CVE-2025-8091

MEDIUM

EventON Lite <2.4.6 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-8091. PoCs published by MooseLoveti.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-8091, an authenticated information disclosure vulnerability in EventON Lite <= 2.4.6. The vulnerability allows Contributor+ users to access sensitive details from unpublished events via the `get_single_event_data()` function due to improper validation of the `post_type` parameter.

Description

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

Exploits (1)

nomisec WRITEUP

by MooseLoveti · poc

https://github.com/MooseLoveti/EventON-Lite-CVE-Report

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-8091, an authenticated information disclosure vulnerability in EventON Lite <= 2.4.6. The vulnerability allows Contributor+ users to access sensitive details from unpublished events via the `get_single_event_data()` function due to improper validation of the `post_type` parameter.

Classification

Writeup 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EventON Lite WordPress plugin <= 2.4.6

Auth required

Prerequisites: Authenticated access as Contributor or higher · Knowledge of target event ID

MITRE ATT&CK