Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-2568 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1.
network
low complexity
CWE-862
5.3
2025-04-08 CVE-2025-2876 The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0.
network
low complexity
CWE-862
5.3
2025-04-08 CVE-2025-2807 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64.
network
low complexity
CWE-862
8.8
2025-04-08 CVE-2025-3437 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66.
network
low complexity
CWE-862
4.3
2025-04-08 CVE-2025-26657 SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application.
network
low complexity
CWE-862
5.3
2025-04-08 CVE-2025-27428 Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module.
network
low complexity
CWE-862
7.7
2025-04-08 CVE-2025-27435 Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce.
network
high complexity
CWE-862
4.2
2025-04-08 CVE-2025-27437 A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP.
network
low complexity
CWE-862
4.3
2025-04-08 CVE-2025-30017 Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1.
local
low complexity
CWE-862
4.4
2025-04-05 CVE-2024-13776 The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91.
network
low complexity
CWE-862
8.1