CVE-2025-8091: 
WordPress vulnerability analysis and mitigation

The EventON Lite plugin for WordPress contains an Information Exposure vulnerability (CVE-2025-8091) affecting all versions up to and including 2.4.6. The vulnerability was discovered on August 14, 2025, and publicly disclosed on August 15, 2025. This security issue affects the addsingleeventon and add_eventon shortcodes functionality in the plugin (NVD CVE).

The vulnerability stems from insufficient restrictions on which posts can be included when using the addsingleeventon and add_eventon shortcodes. The issue has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD CVE).

The vulnerability allows unauthenticated attackers to extract data from password-protected, private, or draft posts that they should not have access to. This unauthorized access to restricted content could potentially expose sensitive or confidential information that was intended to be private (NVD CVE).

Users should update to a version newer than 2.4.6 when available. As of the disclosure date, there is no official patch released. Website administrators should consider disabling the affected shortcodes or restricting access to them until a fix is available (NVD CVE).