Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ovatheme — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting ovatheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ovatheme is a WordPress theme provider offering pre-designed templates for websites, primarily used by small to medium businesses. Historically, the platform has been susceptible to multiple security vulnerabilities, with 15 CVEs recorded, including remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing security challenges that require regular updates and careful implementation by users.

Top products by ovatheme: BRW Ovatheme Events Manager Cube Portfolio eventlist Ireca Ovatheme Events Ova Advent Movie Booking Athens Remons Tripgo
CVE IDTitleCVSSSeverityPublished
CVE-2026-27093 WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability — TripgoCWE-98 8.1 High2026-03-19
CVE-2025-69090 WordPress Remons theme <= 1.3.4 - Local File Inclusion vulnerability — RemonsCWE-98 8.1 High2026-03-05
CVE-2025-67963 WordPress Movie Booking plugin <= 1.1.5 - Arbitrary File Deletion vulnerability — Movie BookingCWE-22 8.6 High2026-01-22
CVE-2025-49994 WordPress Athens theme <= 1.1.6 - Local File Inclusion vulnerability — AthensCWE-98 8.1 High2026-01-22
CVE-2025-7663 Ovatheme Events Manager <= 1.8.6 - Missing Authorization — Ovatheme Events ManagerCWE-862 6.5 Medium2025-11-08
CVE-2025-8561 Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ova AdventCWE-87 6.4 Medium2025-10-15
CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload — Ovatheme Events ManagerCWE-434 9.8 Critical2025-10-11
CVE-2025-54716 WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability — IrecaCWE-98 8.1 High2025-08-28
CVE-2025-53576 WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability — Ovatheme EventsCWE-98 8.1 High2025-08-28
CVE-2025-53204 WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability — eventlistCWE-98 8.1 High2025-08-20
CVE-2025-52823 WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability — Cube PortfolioCWE-89 8.5 High2025-08-14
CVE-2025-52814 WordPress BRW plugin <= 1.8.8 - Local File Inclusion Vulnerability — BRWCWE-98 8.1 High2025-06-27
CVE-2025-32510 WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability — Ovatheme Events ManagerCWE-434 10.0 Critical2025-06-17
CVE-2025-49314 WordPress BRW plugin <= 1.8.6 - Cross Site Scripting (XSS) Vulnerability — BRWCWE-79 6.5 Medium2025-06-06
CVE-2025-49313 WordPress BRW plugin <= 1.8.6 - Local File Inclusion Vulnerability — BRWCWE-98 7.5 High2025-06-06

This page lists every published CVE security advisory associated with ovatheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.