Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-05-21 | CVE-2025-4105 | The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. | network, low complexity, CWE-862, 5.4 |
| 2025-05-19 | CVE-2025-4477 | The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API. | network, low complexity, CWE-862, 7.2 |
| 2025-05-18 | CVE-2025-4887 | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. | network, low complexity, CWE-862, 4.3 |
| 2025-05-17 | CVE-2025-3527 | The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. | network, low complexity, CWE-862, 6.4 |
| 2025-05-14 | CVE-2025-4520 | The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. | network, low complexity, CWE-862, 5.4 |
| 2025-05-13 | CVE-2025-4339 | The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. | network, low complexity, CWE-862, 4.3 |
| 2025-05-13 | CVE-2025-43000 | Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted. This has High impact on Confidentiality with Low impact on Integrity and Availability of the application. | local, low complexity, CWE-862, 7.9 |
| 2025-05-13 | CVE-2025-43004 | Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. | network, low complexity, CWE-862, 5.3 |
| 2025-05-13 | CVE-2025-43007 | SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. | network, low complexity, CWE-862, 6.3 |
| 2025-05-13 | CVE-2025-43008 | Due to a missing authorization check, an unauthorized user can view the files of another company. | network, high complexity, CWE-862, 5.8 |