2 matches found
CVE-2025-7663
The CVE describes an unauthorized-access vulnerability in the WordPress Ovatheme Events Manager plugin, caused by missing capability checks in the /class-ovaem-ajax.php file. Affected versions are up to and including 1.8.6. The flaw allows unauthenticated attackers to perform privileged actions s...
PT-2024-33622 · Unknown · Sam Glover Client Power Tools Portal
Name of the Vulnerable Software and Affected Versions: Sam Glover Client Power Tools Portal versions 1.8.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...