CVE-2025-5733
Modern Events Calendar <= 7.21.9 - Information ExposureThe Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
We have discovered 27,899 live websites that are affected by CVE-2025-5733.
Affected Software
| Product |  Modern Events Calendar Lite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 27,899 live websites (95% of Modern Events Calendar Lite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 152 versions ( 99% of all versions) |
Common Weakness Enumeration
CWE-201 Insertion of Sensitive Information Into Sent DataDetails
- Published - Jun 6, 2025
- Updated - Jun 6, 2025
Credits
- Abdullah Shittu (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-5733 United States | 10,577 websites |
 Germany | 4,259 websites |
 France | 2,288 websites |
 Italy | 1,101 websites |
 GB | 894 websites |
 Netherlands | 887 websites |
 Spain | 666 websites |
 Brazil | 653 websites |
 Switzerland | 645 websites |
 Denmark | 472 websites |
Website Distribution by TLD
Number of websites using CVE-2025-5733| .com | 8,208 websites |
| .org | 4,598 websites |
| .de | 2,783 websites |
| .fr | 1,074 websites |
| .nl | 956 websites |
| .it | 913 websites |
| .ch | 527 websites |
| .ca | 507 websites |
| .net | 482 websites |
| .co.uk | 441 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-5733
Top websites that are affected by CVE-2025-5733. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************************.***.au | United States | **,*** | |
| ******.**.il | United States | **,*** | |
| ********.**.il |  Israel | **,*** | |
| **********.***.il | Israel | **,*** | |
| ************.org | Germany | **,*** | |
| ********.com | United States | ***,*** | |
| **************.com | United States | ***,*** | |
| ******.net | Spain | ***,*** | |
| ***************.fr | United States | ***,*** | |
| ***************.net | Germany | ***,*** |
FAQ
CVE-2025-5733 is Insertion of Sensitive Information Into Sent Data in Modern Events Calendar Lite
A total of 27,899 websites have been identified as vulnerable to CVE-2025-5733, based on global website indexing conducted by WebTechSurvey.
The Modern Events Calendar Lite is affected by the CVE-2025-5733 vulnerability.
Modern Events Calendar Lite versions up to and including 7.21.9 are vulnerable to CVE-2025-5733.