CybrWolf

CVE-2025-5733 is a recently disclosed vulnerability affecting the Modern Events Calendar Lite plugin for WordPress (versions ≤ 7.21.9). The flaw allows unauthenticated attackers to retrieve the full path of the web application, potentially aiding in further attacks.

Vulnerability Details

  • CVE ID: CVE-2025-5733
  • Plugin Affected: Modern Events Calendar Lite for WordPress
  • Affected Versions: ≤ 7.21.9
  • CWE Identifier: CWE-201 – Insertion of Sensitive Information Into Sent Data
  • CVSS v3.1 Score: 5.3 (Medium)
  • Attack Vector: Network
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

Exploitation Path

The vulnerability stems from improper validation of the id property when exporting calendars. This oversight allows unauthenticated attackers to access the full path of the web application. While the disclosed information isn’t harmful on its own, it can be leveraged in conjunction with other vulnerabilities to facilitate more severe attacks.

Mitigation Steps

If you are using the Modern Events Calendar Lite plugin:

  1. Check Your Version: Ensure you are not running version 7.21.9 or earlier.
  2. Update the Plugin: Upgrade to the latest version where this vulnerability has been addressed.
  3. Review Access Logs: Monitor for any unusual activity that may indicate exploitation attempts.
  4. Implement Security Best Practices: Ensure your server’s file permissions and configurations adhere to security best practices to minimize potential risks.
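Steps 1 and 2 can be checked on disk without logging in to WordPress. The script below is an added example, not code from the plugin or from Wordfence: it reads the plugin's `Version:` header and compares it numerically against 7.21.9. The directory name `modern-events-calendar-lite` is an assumption taken from the slug in the Wordfence URL, and the sample header is constructed.

```python
import re
import sys
from pathlib import Path

AFFECTED_MAX = (7, 21, 9)                     # last affected version, from the advisory
PLUGIN_SLUG = "modern-events-calendar-lite"   # assumption: slug as in the Wordfence URL
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d[\w.\-]*)", re.M | re.I)
# Constructed sample of a WordPress plugin header, for the self-check below.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Modern Events Calendar Lite\n * Version: 7.21.9\n */\n"

def parse_version(text):
    """'7.21.10' -> (7, 21, 10); a suffix such as '-beta' is ignored."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(parts)

def is_affected(version):
    """Compare numerically: as strings, '7.21.10' sorts below '7.21.9'."""
    v = parse_version(version)
    width = max(len(v), len(AFFECTED_MAX))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(AFFECTED_MAX)

def version_from_header(head):
    """Return the Version header of a WordPress plugin file, or None."""
    if not re.search(r"Plugin Name:", head, re.I):
        return None
    m = VERSION_RE.search(head)
    return m.group(1) if m else None

def installed_version(plugins_dir):
    """Scan the plugin's top-level PHP files for the header block."""
    for php in sorted((Path(plugins_dir) / PLUGIN_SLUG).glob("*.php")):
        # WordPress itself only reads the first 8 KB when looking for headers.
        version = version_from_header(php.read_text(errors="replace")[:8192])
        if version:
            return version
    return None

if __name__ == "__main__":
    print("sample header affected:", is_affected(version_from_header(SAMPLE_HEADER)))
    found = installed_version(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins")
    print("plugin not found" if found is None else
          f"{PLUGIN_SLUG} {found}: {'AFFECTED, update' if is_affected(found) else 'not affected'}")
```

Run it with the path to `wp-content/plugins` as the only argument; with no argument it looks relative to the current directory.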

References & Attribution

Wordfence Vulnerability Report – Original disclosure and technical details
© 2012–2025 Defiant Inc. Licensed for redistribution under Defiant’s license for software vulnerability information.
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-events-calendar-lite/wordpress-plugin-7219-information-exposure

NVD Entry for CVE-2025-5733 – National Vulnerability Database summary
https://nvd.nist.gov/vuln/detail/CVE-2025-5733

MITRE CVE Program – Source of CVE metadata and classification
© 1999–2025 The MITRE Corporation. Licensed under the MITRE CVE Terms of Use.
https://www.cve.org/Legal/TermsOfUse
