Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2024-8195 Missing Authorization vulnerability in Permalink Manager Lite Project Permalink Manager Lite
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4.
network
low complexity
permalink-manager-lite-project CWE-862
5.3
2024-08-28 CVE-2024-7447 Missing Authorization vulnerability in Funnelforms Free
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2.
network
low complexity
funnelforms CWE-862
5.3
2024-08-27 CVE-2024-8199 Missing Authorization vulnerability in Smashballoon Reviews Feed
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2.
network
low complexity
smashballoon CWE-862
4.3
2024-08-26 CVE-2024-43214 Missing Authorization vulnerability in Mycred
Missing Authorization vulnerability in myCred.This issue affects myCred: from n/a through 2.7.2.
network
low complexity
mycred CWE-862
5.3
2024-08-24 CVE-2024-6631 Missing Authorization vulnerability in Imagerecycle PDF & Image Compression
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14.
network
low complexity
imagerecycle CWE-862
4.3
2024-08-23 CVE-2024-7258 Missing Authorization vulnerability in Wpmarketingrobot Woocommerce Google Feed Manager
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0.
network
low complexity
wpmarketingrobot CWE-862
8.8
2024-08-21 CVE-2024-7030 Missing Authorization vulnerability in Zaytech Smart Online Order for Clover
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6.
network
low complexity
zaytech CWE-862
4.3
2024-08-21 CVE-2024-7032 Missing Authorization vulnerability in Zaytech Smart Online Order for Clover
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6.
network
low complexity
zaytech CWE-862
6.5
2024-08-21 CVE-2024-7390 Missing Authorization vulnerability in Starkdigital WP Testimonial Widget
The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0.
network
low complexity
starkdigital CWE-862
5.3
2024-08-20 CVE-2024-5939 Missing Authorization vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0.
network
low complexity
givewp CWE-862
5.3