WordPress Ovatheme Events Manager plugin unauthorized access vulnerability

WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...

CVE-2025-7663

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

EUVD-2025-38357

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

CVE-2025-7663

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

CVE-2025-7663

The CVE describes an unauthorized-access vulnerability in the WordPress Ovatheme Events Manager plugin, caused by missing capability checks in the /class-ovaem-ajax.php file. Affected versions are up to and including 1.8.6. The flaw allows unauthenticated attackers to perform privileged actions s...

PT-2025-45554

Name of the Vulnerable Software and Affected Versions Ovatheme Events Manager plugin for WordPress versions through 1.8.6 Description The Ovatheme Events Manager plugin for WordPress is susceptible to unauthorized access. A missing capability check on several functions within the...

WordPress plugin Ovatheme Events Manager 安全漏洞

WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...

CVE-2025-6553

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

PT-2025-41661

Name of the Vulnerable Software and Affected Versions Ovatheme Events Manager plugin for WordPress versions up to and including 1.8.5 Description The Ovatheme Events Manager plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation. This occurs in the...

WordPress plugin Ovatheme Events Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A code issue...

WordPress Ovatheme Events Manager plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions = 1.8.5...

EUVD-2025-25986

Malicious code in bioql PyPI...

EUVD-2025-18546

Malicious code in bioql PyPI...

CVE-2025-53576

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ovatheme Events ova-events allows PHP Local File Inclusion.This issue affects Ovatheme Events: from n/a through = 1.2.8...

CVE-2025-53576 WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ovatheme Events ova-events allows PHP Local File Inclusion.This issue affects Ovatheme Events: from n/a through = 1.2.8...

CVE-2025-53576 WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ovatheme Events ova-events allows PHP Local File Inclusion.This issue affects Ovatheme Events: from n/a through = 1.2.8...

CVE-2025-53576

CVE-2025-53576 affects the WordPress plugin Ovatheme Events (versions up to and including 1.2.8). The vulnerability is described as an Improper Control of Filename for Include/Require Statement , i.e., a PHP Local File Inclusion (LFI) flaw that can be exploited without authentication. Public risk...

PT-2025-35061

Name of the Vulnerable Software and Affected Versions: Ovatheme Events versions through 1.2.8 Description: The software contains an Improper Control of Filename for Include/Require Statement, leading to a PHP Local File Inclusion issue. Recommendations: Versions prior to 1.2.8 are affected. At th...