9 matches found
CVE-2025-7663 Ovatheme Events Manager <= 1.8.6 - Missing Authorization
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...
CVE-2025-7663
The CVE describes an unauthorized-access vulnerability in the WordPress Ovatheme Events Manager plugin, caused by missing capability checks in the /class-ovaem-ajax.php file. Affected versions are up to and including 1.8.6. The flaw allows unauthenticated attackers to perform privileged actions s...
WordPress Eventer plugin <= 3.9.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by István Márton in WordPress Plugin Eventer versions = 3.9.9.5...
CVE-2024-11133
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlepdfdownloadrequest' function in all versions up to, and including, 3.9.9.5. This makes it possible for unauthenticated attackers to download event tickets...
CVE-2024-11133 Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlepdfdownloadrequest' function in all versions up to, and including, 3.9.9.5. This makes it possible for unauthenticated attackers to download event tickets...
CVE-2024-11133
CVE-2024-11133 affects the WordPress Eventer plugin (Eventer - WordPress Event & Booking Manager Plugin). A missing capability check in handle_pdf_download_request allows unauthenticated users to download event tickets across versions up to 3.9.9. Several connected sources confirm the vulnerabili...
WordPress plugin Eventer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-3511 Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...
CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...