Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-04-03 CVE-2025-3150 A vulnerability was found in itning Student Homework Management System up to 1.2.7.
network
low complexity
CWE-862
4.3
2025-04-02 CVE-2024-13637 The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3.
network
low complexity
CWE-862
6.5
2025-04-02 CVE-2025-3063 The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1.
network
low complexity
CWE-862
8.8
2025-04-02 CVE-2025-2779 The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2.
network
low complexity
CWE-862
6.5
2025-03-31 CVE-2025-3037 A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic.
network
low complexity
CWE-862
4.3
2025-03-29 CVE-2025-2266 The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5.
network
low complexity
CWE-862
critical
9.8
2025-03-28 CVE-2025-2815 The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24.
network
low complexity
CWE-862
8.8
2025-03-26 CVE-2025-2110 The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15.
network
low complexity
CWE-862
8.8
2025-03-26 CVE-2024-13801 The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4.
network
low complexity
CWE-862
8.1
2025-03-26 CVE-2025-2276 The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7.
network
low complexity
CWE-862
4.3