Primary

Context

Ovatheme Events Manager WordPress Plugin Unauthenticated Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the Ovatheme Events Manager plugin for WordPress, affecting all versions through 1.8.5. The issue arises from inadequate file type validation in the process_checkout() function, enabling unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could allow for unauthorized file uploads, which may be executed remotely, depending on the nature of the uploaded file.

Remediation

Users are advised to update the Ovatheme Events Manager plugin to version 1.8.6 or later.

Added: Oct 11, 2025, 9:17 AM

Updated: Oct 11, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ovatheme Events Manager WordPress Plugin Unauthenticated Arbitrary File Upload Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating