Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-28 CVE-2025-1682 The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function.
network
low complexity
CWE-862
8.8
2025-02-27 CVE-2025-1745 A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic.
network
low complexity
CWE-862
4.3
2025-02-25 CVE-2025-26871 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
wpdeveloper CWE-862
8.8
2025-02-25 CVE-2025-1644 Missing Authorization vulnerability in Modernasistemas Modernanet
A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0.
network
low complexity
modernasistemas CWE-862
6.5
2025-02-25 CVE-2025-1643 Missing Authorization vulnerability in Modernasistemas Modernanet
A vulnerability was found in Benner ModernaNet up to 1.1.0.
network
low complexity
modernasistemas CWE-862
8.8
2025-02-22 CVE-2025-1557 A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3.
network
low complexity
CWE-862
4.3
2025-02-21 CVE-2025-1402 Missing Authorization vulnerability in Theeventscalendar Event Tickets
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1.
network
low complexity
theeventscalendar CWE-862
5.3
2025-02-20 CVE-2024-13520 Missing Authorization vulnerability in Codemenschen Gift Vouchers
The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.6.
network
low complexity
codemenschen CWE-862
5.3
2025-02-20 CVE-2025-1483 Missing Authorization vulnerability in Wwexgroup LTL Freight Quotes
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12.
network
low complexity
wwexgroup CWE-862
5.3
2025-02-19 CVE-2025-0968 Missing Authorization vulnerability in Wpmet Elementskit Elementor Addons
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function.
network
low complexity
wpmet CWE-862
5.3