Lucene search
K

20 matches found

CNVD
CNVD
added 2025/11/12 12:0 a.m.4 views

WordPress Ovatheme Events Manager plugin unauthorized access vulnerability

WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...

6.5CVSS6.8AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/09 3:57 a.m.13 views

CVE-2025-7663

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

6.5CVSS5.4AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/08 6:30 a.m.5 views

EUVD-2025-38357

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

6.5CVSS5AI score0.00181EPSS
Exploits0References3
NVD
NVD
added 2025/11/08 4:15 a.m.6 views

CVE-2025-7663

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

6.5CVSS0.00181EPSS
Exploits0References2
CVE
CVE
added 2025/11/08 3:27 a.m.24 views

CVE-2025-7663

The CVE describes an unauthorized-access vulnerability in the WordPress Ovatheme Events Manager plugin, caused by missing capability checks in the /class-ovaem-ajax.php file. Affected versions are up to and including 1.8.6. The flaw allows unauthenticated attackers to perform privileged actions s...

6.5CVSS5.1AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/08 12:0 a.m.2 views

WordPress plugin Ovatheme Events Manager 安全漏洞

WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...

6.5CVSS6.6AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.6 views

PT-2025-45554

Name of the Vulnerable Software and Affected Versions Ovatheme Events Manager plugin for WordPress versions through 1.8.6 Description The Ovatheme Events Manager plugin for WordPress is susceptible to unauthorized access. A missing capability check on several functions within the...

6.5CVSS6.3AI score0.00181EPSS
Exploits0References5
NVD
NVD
added 2025/10/11 9:15 a.m.7 views

CVE-2025-6553

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00697EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/11 8:29 a.m.10 views

CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00697EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/11 8:29 a.m.1 views

CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS7.2AI score0.00697EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/11 12:0 a.m.5 views

PT-2025-41661

Name of the Vulnerable Software and Affected Versions Ovatheme Events Manager plugin for WordPress versions up to and including 1.8.5 Description The Ovatheme Events Manager plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation. This occurs in the...

9.8CVSS7.8AI score0.00697EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/10/11 12:0 a.m.3 views

WordPress plugin Ovatheme Events Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A code issue...

9.8CVSS7.7AI score0.00697EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/10/10 11:36 p.m.6 views

WordPress Ovatheme Events Manager plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions = 1.8.5...

9.8CVSS6.8AI score0.00697EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18546

Malicious code in bioql PyPI...

10CVSS8.7AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/19 3:20 p.m.5 views

CVE-2025-32510

Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through = 1.8.4...

10CVSS5.9AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2025/06/17 3:15 p.m.6 views

CVE-2025-32510

Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through = 1.8.4...

10CVSS0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 3:1 p.m.9 views

CVE-2025-32510 WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through = 1.8.4...

10CVSS0.00417EPSS
Exploits0References1
CVE
CVE
added 2025/06/17 3:1 p.m.27 views

CVE-2025-32510

CVE-2025-32510 : Unrestricted Upload of File with Dangerous Type in Ovatheme Events Manager (vulnerable: &lt;= 1.8.4) allows uploading malicious files. CVSSv3.1 base score 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H); impact is high confidentiality, integrity, and availability. Connected sources co...

10CVSS5.9AI score0.00417EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.2 views

WordPress plugin Ovatheme Events Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

10CVSS8.4AI score0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.3 views

PT-2025-25674 · Ovatheme · Ovatheme Events Manager

Name of the Vulnerable Software and Affected Versions: Ovatheme Events Manager versions 1.7.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For Ovatheme Events Manager versions 1.7.5 and...

10CVSS9.3AI score0.00417EPSS
Exploits0References4
Rows per page
Query Builder