VYPR
Medium severity6.5NVD Advisory· Published Nov 8, 2025· Updated Apr 15, 2026

CVE-2025-7663

CVE-2025-7663

Description

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files, download tickets, and more.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.