EUVD-2025-17050

| CVE-2025-5733 MEDIUM
2025-06-06 [email protected]
WordPress Information Disclosure PHP
5.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-17050
CVE Published
Jun 06, 2025 - 04:16 nvd
MEDIUM 5.3

DescriptionNVD

The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

AnalysisAI

A security vulnerability in for WordPress is vulnerable to Full Path Disclosure in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-201 (Information Exposure via Sent Data). Affects for WordPress is vulnerable to Full Path Disclosure in all.

RemediationAI

Monitor vendor channels for patch availability.

Share

EUVD-2025-17050 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy