Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-07	CVE-2025-20164	A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. network low complexity CWE-862	8.3
2025-05-07	CVE-2025-3766	The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. network low complexity CWE-862	5.4
2025-05-07	CVE-2025-2821	The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. network low complexity CWE-862	5.3
2025-05-06	CVE-2025-0856	The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. network low complexity CWE-862	7.3
2025-05-05	CVE-2025-4282	A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. network low complexity CWE-862	4.3
2025-05-02	CVE-2024-13419	Missing Authorization vulnerability in G5Plus products Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. network low complexity g5plus CWE-862	5.4
2025-05-02	CVE-2025-1326	Missing Authorization vulnerability in Favethemes Homey The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. network low complexity favethemes CWE-862	4.3
2025-05-02	CVE-2025-3746	The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. network low complexity CWE-862 critical	9.8
2025-05-02	CVE-2025-4177	Missing Authorization vulnerability in Flynax Bridge The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. network low complexity flynax CWE-862	5.3
2025-05-01	CVE-2025-3952	The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. network low complexity CWE-862	8.1

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization