Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2024-13364 Missing Authorization vulnerability in Raptive ADS
The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3.
network
low complexity
raptive CWE-862
5.3
2025-02-19 CVE-2024-13468 The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9.
network
low complexity
CWE-862
7.5
2025-02-19 CVE-2024-13719 Missing Authorization vulnerability in Pepro Peprodev Ultimate Invoice
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key.
network
low complexity
pepro CWE-862
5.3
2025-02-18 CVE-2024-13783 Missing Authorization vulnerability in Ncrafts Formcraft
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11.
network
low complexity
ncrafts CWE-862
4.3
2025-02-18 CVE-2024-13316 Missing Authorization vulnerability in Akashmalik Scracth & WIN
The Scratch & Win – Giveaways and Contests.
network
low complexity
akashmalik CWE-862
5.3
2025-02-18 CVE-2024-13677 Missing Authorization vulnerability in Istmoplugins GET Bookings WP
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27.
network
low complexity
istmoplugins CWE-862
8.8
2025-02-18 CVE-2024-13687 Missing Authorization vulnerability in Webdevocean Team Builder
The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3.
network
low complexity
webdevocean CWE-862
4.3
2025-02-15 CVE-2024-13439 Missing Authorization vulnerability in Techlabpro Team
The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9.
network
low complexity
techlabpro CWE-862
4.3
2025-02-15 CVE-2024-13752 Missing Authorization vulnerability in Wedevs WP Project Manager
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17.
network
low complexity
wedevs CWE-862
6.5
2025-02-15 CVE-2025-0935 Missing Authorization vulnerability in Maxfoundry Media Library Folders
The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0.
network
low complexity
maxfoundry CWE-862
4.3