The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due i

WORDPRESS

06-06-2025 14:08

CVE-2025-5733 Vulnerabilidad documentada

5.3 MEDIUM

Tags

#wordpress

#site

#plugin

#web

#form

#vulnerability

#website

#application

#affected

#improper

#attackers

#authenticated

#vulnerable

#attack

#affect

Descripción

The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This due improper or insufficient validation of the id property when exporting calendars. makes it possible unauthenticated attackers retrieve full path web application, which can be used aid other attacks. The information displayed not useful on its own, requires another vulnerability present damage an affected website.

https://webnus.net/dox/modern-events-calendar/

https://wordpress.org/plugins/modern-events-calendar-lite/

https://www.wordfence.com/threat-intel/vulnerabilities/id/e545b53e-7054-41dc-b69b-7552ef6c3240?source=cve

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-5733

Resultados similares

Coincidentes en almenos en 50% de los tags

07-06-2025 CVE-2025-5303
The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL...
Ver información

07-06-2025 CVE-2025-5814
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized m...
Ver información