Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-15 | CVE-2024-13513 | Missing Authorization vulnerability in Oliverpos Oliver POS The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. | 9.8 |
| 2025-02-13 | CVE-2024-13639 | Missing Authorization vulnerability in Edmonsoft Read More & Accordion The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. | 4.3 |
| 2025-02-13 | CVE-2024-13229 | Missing Authorization vulnerability in Rankmath SEO The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. | 4.3 |
| 2025-02-12 | CVE-2025-26372 | Missing Authorization vulnerability in Q-Free Maxtime A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests. | 8.1 |
| 2025-02-12 | CVE-2025-26374 | Missing Authorization vulnerability in Q-Free Maxtime A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | 4.3 |
| 2025-02-12 | CVE-2024-12296 | Missing Authorization vulnerability in Apusthemes Superio The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. | 8.8 |
| 2025-02-12 | CVE-2024-13374 | Missing Authorization vulnerability in Joomunited WP Table Manager The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3. | 6.5 |
| 2025-02-12 | CVE-2024-12164 | Missing Authorization vulnerability in Creativewerkdesigns Wpsyncsheets The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6. | 4.3 |
| 2025-02-12 | CVE-2024-13653 | Missing Authorization vulnerability in Mvpthemes Zoxpress The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. | 8.8 |
| 2025-02-12 | CVE-2024-13654 | Missing Authorization vulnerability in Mvpthemes Zoxpress The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0. | 8.1 |