Ovatheme Events Manager vulnerabilities
3 known vulnerabilities affecting ovatheme/ovatheme_events_manager.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-6553P2CRITICALCVSS 9.8≤ 1.8.52025-10-11
CVE-2025-6553 [CRITICAL] CWE-434 CVE-2025-6553: The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to miss
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution
nvd
CVE-2025-32510P2CRITICALCVSS 10.0≤ 1.8.42025-06-17
CVE-2025-32510 [CRITICAL] CWE-434 CVE-2025-32510: Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ov
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through <= 1.8.4.
nvd
CVE-2025-7663P3MEDIUMCVSS 6.5≤ 1.8.62025-11-08
CVE-2025-7663 [MEDIUM] CWE-862 CVE-2025-7663: The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missi
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files, download tickets, and more.
nvd