Security Advisory

CVE-2025-7663

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-08 03:27:47

Last updated 2026-04-08 16:53:12

Assigner Wordfence

State PUBLISHED

Description

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files, download tickets, and more.

← Browse all CVEs View on cve.org ↗