Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2025-05-07 | CVE-2025-20164 | A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. | network | low complexity | | CWE-862 | 8.3 |
| 2025-05-07 | CVE-2025-3766 | The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. | network | low complexity | | CWE-862 | 5.4 |
| 2025-05-07 | CVE-2025-2821 | The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. | network | low complexity | | CWE-862 | 5.3 |
| 2025-05-06 | CVE-2025-0856 | The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. | network | low complexity | | CWE-862 | 7.3 |
| 2025-05-05 | CVE-2025-4282 | A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. | network | low complexity | | CWE-862 | 4.3 |
| 2025-05-02 | CVE-2024-13419 | Missing Authorization vulnerability in G5Plus products: Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. | network | low complexity | g5plus | CWE-862 | 5.4 |
| 2025-05-02 | CVE-2025-1326 | Missing Authorization vulnerability in Favethemes Homey: The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. | network | low complexity | favethemes | CWE-862 | 4.3 |
| 2025-05-02 | CVE-2025-3746 | The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. | network | low complexity | | CWE-862 | critical 9.8 |
| 2025-05-02 | CVE-2025-4177 | Missing Authorization vulnerability in Flynax Bridge: The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. | network | low complexity | flynax | CWE-862 | 5.3 |
| 2025-05-01 | CVE-2025-3952 | The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. | network | low complexity | | CWE-862 | 8.1 |