Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-28 | CVE-2025-1682 | The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. | 8.8 |
2025-02-27 | CVE-2025-1745 | A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. | 4.3 |
2025-02-25 | CVE-2025-26871 | Missing Authorization vulnerability in Wpdeveloper Essential Blocks Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
2025-02-25 | CVE-2025-1644 | Missing Authorization vulnerability in Modernasistemas Modernanet A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. | 6.5 |
2025-02-25 | CVE-2025-1643 | Missing Authorization vulnerability in Modernasistemas Modernanet A vulnerability was found in Benner ModernaNet up to 1.1.0. | 8.8 |
2025-02-22 | CVE-2025-1557 | A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. | 4.3 |
2025-02-21 | CVE-2025-1402 | Missing Authorization vulnerability in Theeventscalendar Event Tickets The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. | 5.3 |
2025-02-20 | CVE-2024-13520 | Missing Authorization vulnerability in Codemenschen Gift Vouchers The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.6. | 5.3 |
2025-02-20 | CVE-2025-1483 | Missing Authorization vulnerability in Wwexgroup LTL Freight Quotes The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. | 5.3 |
2025-02-19 | CVE-2025-0968 | Missing Authorization vulnerability in Wpmet Elementskit Elementor Addons The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. | 5.3 |