Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-09 | CVE-2023-2414 | Missing Authorization vulnerability in Vcita Online Booking & Scheduling Calendar The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. | 4.3 |
| 2023-06-09 | CVE-2023-2557 | Missing Authorization vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. | 4.3 |
| 2023-06-07 | CVE-2021-4337 | Missing Authorization vulnerability in Xforwoocommerce products Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. | 8.8 |
| 2023-06-07 | CVE-2019-25139 | Missing Authorization vulnerability in Wpshopmart Coming Soon Page & Maintenance Mode The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset. | 5.3 |
| 2023-06-07 | CVE-2019-25141 | Missing Authorization vulnerability in Wp-Ecommerce Easy WP Smtp The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. | 9.8 |
| 2023-06-07 | CVE-2019-25142 | Missing Authorization vulnerability in Extendthemes Materialis and Mesmerize The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). | 8.8 |
| 2023-06-07 | CVE-2019-25143 | Missing Authorization vulnerability in Mooveagency Gdpr Cookie Compliance The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. | 4.3 |
| 2023-06-07 | CVE-2020-36696 | Missing Authorization vulnerability in Tychesoftwares Product Input Fields for Woocommerce The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. | 7.5 |
| 2023-06-07 | CVE-2020-36697 | Missing Authorization vulnerability in Appsaloon WP Gdpr The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. | 6.5 |
| 2023-06-07 | CVE-2020-36699 | Missing Authorization vulnerability in Quick Page/Post Redirect Project Quick Page/Post Redirect The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. | 4.3 |