VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-14
CVE-2024-11715
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2.
network
high complexity
CWE-862
4.8
4.8
2024-12-13
CVE-2024-10783
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state.
network
high complexity
CWE-862
8.1
8.1
2024-12-13
CVE-2024-11911
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12.
network
low complexity
CWE-862
4.3
4.3
2024-12-13
CVE-2024-12300
The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3.
network
high complexity
CWE-862
3.7
3.7
2024-12-12
CVE-2024-11724
The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12201
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12018
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12172
The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21.
network
low complexity
CWE-862
7.5
7.5
2024-12-12
CVE-2024-12263
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12265
The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17.
network
low complexity
CWE-862
5.3
5.3
«
1
(current)
2
3
4
5
...
227
228
»
Next