Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-15 CVE-2024-13513 Missing Authorization vulnerability in Oliverpos Oliver POS
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality.
network
low complexity
oliverpos CWE-862
critical
9.8
2025-02-13 CVE-2024-13639 Missing Authorization vulnerability in Edmonsoft Read More & Accordion
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2.
network
low complexity
edmonsoft CWE-862
4.3
2025-02-13 CVE-2024-13229 Missing Authorization vulnerability in Rankmath SEO
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235.
network
low complexity
rankmath CWE-862
4.3
2025-02-12 CVE-2025-26372 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.1
2025-02-12 CVE-2025-26374 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
network
low complexity
q-free CWE-862
4.3
2025-02-12 CVE-2024-12296 Missing Authorization vulnerability in Apusthemes Superio
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3.
network
low complexity
apusthemes CWE-862
8.8
2025-02-12 CVE-2024-13374 Missing Authorization vulnerability in Joomunited WP Table Manager
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3.
network
low complexity
joomunited CWE-862
6.5
2025-02-12 CVE-2024-12164 Missing Authorization vulnerability in Creativewerkdesigns Wpsyncsheets
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6.
network
low complexity
creativewerkdesigns CWE-862
4.3
2025-02-12 CVE-2024-13653 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.8
2025-02-12 CVE-2024-13654 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.1