Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-03-31 CVE-2025-3037 A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic.
network
low complexity
CWE-862
4.3
2025-03-29 CVE-2025-2266 The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5.
network
low complexity
CWE-862
critical
9.8
2025-03-28 CVE-2025-2815 The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24.
network
low complexity
CWE-862
8.8
2025-03-26 CVE-2025-2110 The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15.
network
low complexity
CWE-862
8.8
2025-03-26 CVE-2024-13801 The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4.
network
low complexity
CWE-862
8.1
2025-03-26 CVE-2025-2276 The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7.
network
low complexity
CWE-862
4.3
2025-03-25 CVE-2025-2224 The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2.
network
low complexity
CWE-862
5.3
2025-03-22 CVE-2025-1408 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4.
network
low complexity
metagauss CWE-862
4.3
2025-03-22 CVE-2024-13737 Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57.
network
low complexity
stylemixthemes CWE-862
4.3
2025-03-21 CVE-2025-2589 Missing Authorization vulnerability in Code-Projects Human Resource Management 1.0.1
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical.
network
low complexity
code-projects CWE-862
critical
9.8