VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-15
CVE-2024-10582
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1.
network
low complexity
CWE-862
4.3
4.3
2024-11-13
CVE-2024-10800
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6.
network
low complexity
CWE-862
8.8
8.8
2024-11-13
CVE-2024-10802
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7.
network
low complexity
CWE-862
5.3
5.3
2024-11-13
CVE-2024-10529
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7.
network
low complexity
CWE-862
5.3
5.3
2024-11-13
CVE-2024-10530
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7.
network
low complexity
CWE-862
4.3
4.3
2024-11-13
CVE-2024-10531
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7.
network
low complexity
CWE-862
5.3
5.3
2024-11-13
CVE-2024-10629
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8.
network
low complexity
CWE-862
8.8
8.8
2024-11-13
CVE-2024-10717
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4.
network
low complexity
CWE-862
6.5
6.5
2024-11-13
CVE-2024-10853
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9.
network
low complexity
CWE-862
4.3
4.3
2024-11-13
CVE-2024-10854
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9.
network
low complexity
CWE-862
4.3
4.3
«
1
(current)
2
3
4
5
...
242
243
»
Next