20 matches found
WordPress Ovatheme Events Manager plugin unauthorized access vulnerability
WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...
CVE-2025-7663
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...
EUVD-2025-38357
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...
CVE-2025-7663
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...
CVE-2025-7663
The CVE describes an unauthorized-access vulnerability in the WordPress Ovatheme Events Manager plugin, caused by missing capability checks in the /class-ovaem-ajax.php file. Affected versions are up to and including 1.8.6. The flaw allows unauthenticated attackers to perform privileged actions s...
WordPress plugin Ovatheme Events Manager 安全漏洞
WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...
PT-2025-45554
Name of the Vulnerable Software and Affected Versions Ovatheme Events Manager plugin for WordPress versions through 1.8.6 Description The Ovatheme Events Manager plugin for WordPress is susceptible to unauthorized access. A missing capability check on several functions within the...
CVE-2025-6553
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcheckout function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
PT-2025-41661
Name of the Vulnerable Software and Affected Versions Ovatheme Events Manager plugin for WordPress versions up to and including 1.8.5 Description The Ovatheme Events Manager plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation. This occurs in the...
WordPress plugin Ovatheme Events Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A code issue...
WordPress Ovatheme Events Manager plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions = 1.8.5...
EUVD-2025-18546
Malicious code in bioql PyPI...
CVE-2025-32510
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through = 1.8.4...
CVE-2025-32510
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through = 1.8.4...
CVE-2025-32510 WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through = 1.8.4...
CVE-2025-32510
CVE-2025-32510 : Unrestricted Upload of File with Dangerous Type in Ovatheme Events Manager (vulnerable: <= 1.8.4) allows uploading malicious files. CVSSv3.1 base score 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H); impact is high confidentiality, integrity, and availability. Connected sources co...
WordPress plugin Ovatheme Events Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2025-25674 · Ovatheme · Ovatheme Events Manager
Name of the Vulnerable Software and Affected Versions: Ovatheme Events Manager versions 1.7.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For Ovatheme Events Manager versions 1.7.5 and...