Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-04-25 CVE-2025-3912 The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35.
network
low complexity
CWE-862
5.3
2025-04-25 CVE-2025-1279 The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1.
network
low complexity
CWE-862
8.8
2025-04-24 CVE-2021-47662 Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.
network
low complexity
CWE-862
7.5
2025-04-24 CVE-2024-13307 The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_remove_from_favourites' functions in all versions up to, and including, 2.1.2.
network
low complexity
CWE-862
5.3
2025-04-24 CVE-2025-3058 The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0.
network
low complexity
CWE-862
8.8
2025-04-24 CVE-2025-3604 The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0.
network
low complexity
CWE-862
critical
9.8
2025-04-21 CVE-2025-3843 A vulnerability was found in panhainan DS-Java 1.0.
network
low complexity
CWE-862
4.3
2025-04-19 CVE-2025-3808 A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic.
network
low complexity
CWE-862
4.3
2025-04-16 CVE-2025-3687 A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0.
network
low complexity
CWE-862
4.3
2025-04-14 CVE-2025-3561 A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0.
network
low complexity
CWE-862
4.3