Ovatheme Events Manager Missing Authorization Vulnerability

Vulnerability

The Ovatheme Events Manager plugin for WordPress, in all versions through 1.8.6, lacks proper capability checks in the class-ovaem-ajax.php file. As a result, unauthenticated users can gain unauthorized access, potentially leading to the deletion of ticket files, unauthorized ticket downloads, and other malicious actions.
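The missing-check pattern described above, shown as an added illustration rather than code from the plugin or from this advisory: a WordPress AJAX callback without, and then with, a nonce and capability check. The action name, function names, request fields and meta key are hypothetical.

```php
<?php
// Illustrative only: every name here is hypothetical, none is from the plugin.
// The two variants are alternatives; a site would load only the second.

// BEFORE: the action is also registered for logged-out visitors (nopriv) and
// the callback checks neither a nonce nor a capability, so every request
// reaches the file deletion.
add_action( 'wp_ajax_example_delete_ticket', 'example_delete_ticket_unchecked' );
add_action( 'wp_ajax_nopriv_example_delete_ticket', 'example_delete_ticket_unchecked' );

function example_delete_ticket_unchecked() {
    $ticket_id = absint( $_POST['ticket_id'] ?? 0 );
    $path      = get_post_meta( $ticket_id, '_example_ticket_file', true );
    if ( $path ) {
        wp_delete_file( $path );
    }
    wp_send_json_success();
}

// AFTER: no nopriv registration, so WordPress rejects logged-out callers
// before the callback runs; the callback then authorizes the caller itself.
add_action( 'wp_ajax_example_delete_ticket', 'example_delete_ticket_checked' );

function example_delete_ticket_checked() {
    // Nonce check: the request must come from a page served to this user.
    // check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_delete_ticket', 'nonce' );

    $ticket_id = absint( $_POST['ticket_id'] ?? 0 );

    // Capability check: the authorization decision for this specific object.
    // Being logged in is not enough; the user must be allowed to edit it.
    if ( ! $ticket_id || ! current_user_can( 'edit_post', $ticket_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // The path comes from stored post meta, never from the request itself.
    $path = get_post_meta( $ticket_id, '_example_ticket_file', true );
    if ( $path ) {
        wp_delete_file( $path );
    }
    wp_send_json_success();
}
```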

Impact

Exploitation of this vulnerability could result in unauthorized access, allowing attackers to delete ticket files and download tickets without proper authorization.

Remediation

Users are advised to update the Ovatheme Events Manager plugin to version 1.8.7 or a newer patched version.

Added: Nov 8, 2025, 4:17 AM
Updated: Nov 8, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.4
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.