VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-03
CVE-2025-3150
A vulnerability was found in itning Student Homework Management System up to 1.2.7.
network
low complexity
CWE-862
4.3
4.3
2025-04-02
CVE-2024-13637
The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3.
network
low complexity
CWE-862
6.5
6.5
2025-04-02
CVE-2025-3063
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1.
network
low complexity
CWE-862
8.8
8.8
2025-04-02
CVE-2025-2779
The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2.
network
low complexity
CWE-862
6.5
6.5
2025-03-31
CVE-2025-3037
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic.
network
low complexity
CWE-862
4.3
4.3
2025-03-29
CVE-2025-2266
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5.
network
low complexity
CWE-862
critical
9.8
9.8
2025-03-28
CVE-2025-2815
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24.
network
low complexity
CWE-862
8.8
8.8
2025-03-26
CVE-2025-2110
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15.
network
low complexity
CWE-862
8.8
8.8
2025-03-26
CVE-2024-13801
The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4.
network
low complexity
CWE-862
8.1
8.1
2025-03-26
CVE-2025-2276
The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7.
network
low complexity
CWE-862
4.3
4.3
«
1
(current)
2
3
4
5
...
260
261
»
Next