Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2024-13643 The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification.
network
low complexity
CWE-862
8.8
2025-02-11 CVE-2025-23189 Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data.
network
low complexity
CWE-862
4.3
2025-02-11 CVE-2025-23190 Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to.
network
low complexity
CWE-862
4.3
2025-02-07 CVE-2025-25167 Missing Authorization vulnerability in Blackandwhitedigital Bookpress 1.2.7
Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
blackandwhitedigital CWE-862
critical
9.8
2025-02-07 CVE-2025-1084 A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql ????????? 3.9.0.
network
low complexity
CWE-862
4.3
2025-02-06 CVE-2025-1074 A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1.
network
low complexity
CWE-862
4.3
2025-02-04 CVE-2024-13529 The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15.
network
low complexity
CWE-862
6.5
2025-02-03 CVE-2024-11133 Missing Authorization vulnerability in Imithemes Eventer
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9.
network
low complexity
imithemes CWE-862
5.3
2025-02-03 CVE-2024-11134 Missing Authorization vulnerability in Imithemes Eventer
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9.
network
low complexity
imithemes CWE-862
6.5
2025-02-01 CVE-2024-13775 Missing Authorization vulnerability in Vanquish Woocommerce Support Ticket System
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8.
network
low complexity
vanquish CWE-862
5.4