The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
History

Fri, 06 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 04:00:00 +0000

Type Values Removed Values Added
Description The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Title Modern Events Calendar <= 7.21.9 - Information Exposure
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-06-06T03:41:23.431Z

Updated: 2025-06-06T16:10:10.183Z

Reserved: 2025-06-05T15:04:36.173Z

Link: CVE-2025-5733

cve-icon Vulnrichment

Updated: 2025-06-06T15:44:14.809Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-06T04:16:01.840

Modified: 2025-06-06T14:07:28.330

Link: CVE-2025-5733

cve-icon Redhat

No data.