CVE-2025-7663
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-08
Last updated on: 2025-11-12
Assigner: Wordfence
Description
Description
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files, download tickets, and more.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ovatheme | events_manager | 1.8.6 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Ovatheme Events Manager plugin for WordPress has a vulnerability due to missing capability checks in several functions within the /class-ovaem-ajax.php file in all versions up to and including 1.8.6. This allows unauthenticated attackers to perform unauthorized actions such as deleting ticket files and downloading tickets.
How can this vulnerability impact me? :
This vulnerability can allow unauthenticated attackers to delete ticket files and download tickets, potentially leading to unauthorized data access and loss of important event ticket information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70