Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2024-13374 Missing Authorization vulnerability in Joomunited WP Table Manager
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3.
network
low complexity
joomunited CWE-862
6.5
2025-02-12 CVE-2024-12164 Missing Authorization vulnerability in Creativewerkdesigns Wpsyncsheets
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6.
network
low complexity
creativewerkdesigns CWE-862
4.3
2025-02-12 CVE-2024-13653 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.8
2025-02-12 CVE-2024-13654 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.1
2025-02-12 CVE-2024-13656 Missing Authorization vulnerability in Mvpthemes Click MAG
The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0.
network
low complexity
mvpthemes CWE-862
8.1
2025-02-12 CVE-2024-13800 Missing Authorization vulnerability in Convertplug Convertplus
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30.
network
low complexity
convertplug CWE-862
8.1
2025-02-12 CVE-2024-13541 Missing Authorization vulnerability in Adirectory
The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3.
network
low complexity
adirectory CWE-862
5.4
2025-02-12 CVE-2024-13554 Missing Authorization vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13.
network
low complexity
wpextended CWE-862
5.3
2025-02-11 CVE-2024-13643 The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification.
network
low complexity
CWE-862
8.8
2025-02-11 CVE-2025-23189 Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data.
network
low complexity
CWE-862
4.3