Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2025/11/08 3:27 a.m.4 views

CVE-2025-7663 Ovatheme Events Manager <= 1.8.6 - Missing Authorization

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

6.5CVSS4.8AI score0.00198EPSS
Exploits0References2
CVE
CVE
added 2025/11/08 3:27 a.m.25 views

CVE-2025-7663

The CVE describes an unauthorized-access vulnerability in the WordPress Ovatheme Events Manager plugin, caused by missing capability checks in the /class-ovaem-ajax.php file. Affected versions are up to and including 1.8.6. The flaw allows unauthenticated attackers to perform privileged actions s...

6.5CVSS5.1AI score0.00198EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/03 10:18 p.m.6 views

WordPress Eventer plugin <= 3.9.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by István Márton in WordPress Plugin Eventer versions = 3.9.9.5...

5.3CVSS8.3AI score0.0033EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/02/03 8:15 p.m.14 views

CVE-2024-11133

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlepdfdownloadrequest' function in all versions up to, and including, 3.9.9.5. This makes it possible for unauthenticated attackers to download event tickets...

5.3CVSS0.0033EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/03 7:22 p.m.11 views

CVE-2024-11133 Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlepdfdownloadrequest' function in all versions up to, and including, 3.9.9.5. This makes it possible for unauthenticated attackers to download event tickets...

5.3CVSS7.2AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2025/02/03 7:22 p.m.56 views

CVE-2024-11133

CVE-2024-11133 affects the WordPress Eventer plugin (Eventer - WordPress Event & Booking Manager Plugin). A missing capability check in handle_pdf_download_request allows unauthenticated users to download event tickets across versions up to 3.9.9. Several connected sources confirm the vulnerabili...

5.3CVSS7.2AI score0.0033EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.4 views

WordPress plugin Eventer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS8.6AI score0.0033EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/28 1:47 p.m.7 views

CVE-2022-3511 Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

7AI score0.00699EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/09/20 4:0 p.m.21 views

CVE-2015-4074

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...

7.6AI score0.5651EPSS
Exploits5References4
Rows per page
Query Builder