Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-07	CVE-2024-12535	The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. network low complexity CWE-862	8.6
2025-01-07	CVE-2024-9697	The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-10527	The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. network high complexity CWE-862	3.1
2025-01-07	CVE-2024-11496	The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. network low complexity CWE-862	6.5
2025-01-07	CVE-2024-12158	The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12176	The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12327	The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. network low complexity CWE-862	4.3
2025-01-07	CVE-2024-12022	The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12559	The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. network low complexity CWE-862	5.3
2025-01-02	CVE-2023-45101	Missing Authorization vulnerability in Cusrev Customer Reviews for Woocommerce Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0. network low complexity cusrev CWE-862	4.3

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization