Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-05-08 CVE-2025-29827 Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
network
low complexity
CWE-285
critical
9.9
2025-05-07 CVE-2025-4104 The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6.
network
low complexity
CWE-285
critical
9.8
2025-05-07 CVE-2025-3921 The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2.
network
low complexity
CWE-285
8.2
2025-05-07 CVE-2025-3924 The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint.
network
low complexity
CWE-285
5.3
2025-05-03 CVE-2025-3918 The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1.
network
low complexity
CWE-285
critical
9.8
2025-04-30 CVE-2025-30389 Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
network
high complexity
CWE-285
8.7
2025-04-30 CVE-2025-30390 Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
network
low complexity
CWE-285
critical
9.9
2025-04-30 CVE-2025-30392 Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
network
low complexity
CWE-285
critical
9.8
2025-04-08 CVE-2025-29794 Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
network
low complexity
CWE-285
8.8
2025-03-31 CVE-2025-26683 Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.
network
high complexity
CWE-285
8.1