VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-02-19
CVE-2024-13231
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7.
network
low complexity
CWE-862
5.3
5.3
2025-02-19
CVE-2024-13364
The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3.
network
low complexity
CWE-862
5.3
5.3
2025-02-19
CVE-2024-13468
The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9.
network
low complexity
CWE-862
7.5
7.5
2025-02-19
CVE-2024-13719
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key.
network
low complexity
CWE-862
5.3
5.3
2025-02-18
CVE-2024-13783
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11.
network
low complexity
CWE-862
4.3
4.3
2025-02-18
CVE-2024-13316
The Scratch & Win – Giveaways and Contests.
network
low complexity
CWE-862
5.3
5.3
2025-02-18
CVE-2024-13556
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export.
network
high complexity
CWE-862
8.1
8.1
2025-02-18
CVE-2024-13677
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27.
network
low complexity
CWE-862
8.8
8.8
2025-02-18
CVE-2024-13687
The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3.
network
low complexity
CWE-862
4.3
4.3
2025-02-15
CVE-2024-13439
The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9.
network
low complexity
CWE-862
4.3
4.3
«
1
(current)
2
3
4
5
...
246
247
»
Next