Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-10853 Missing Authorization vulnerability in Zixn BUY ONE Click Woocommerce
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9.
network
low complexity
zixn CWE-862
4.3
2024-11-13 CVE-2024-10854 Missing Authorization vulnerability in Zixn BUY ONE Click Woocommerce
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9.
network
low complexity
zixn CWE-862
4.3
2024-11-09 CVE-2024-10589 The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1.
network
low complexity
CWE-862
critical
9.8
2024-11-09 CVE-2024-10673 The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4.
network
low complexity
CWE-862
8.8
2024-11-09 CVE-2024-10674 The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9.
network
low complexity
CWE-862
8.8
2024-11-09 CVE-2024-10294 The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0.
network
low complexity
CWE-862
6.5
2024-11-09 CVE-2024-10586 The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2.
network
low complexity
CWE-862
critical
9.8
2024-11-09 CVE-2024-10588 The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2.
network
low complexity
CWE-862
4.3
2024-11-06 CVE-2024-10535 Missing Authorization vulnerability in Martinvalchev Video Gallery for Woocommerce
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31.
network
low complexity
martinvalchev CWE-862
5.3
2024-11-06 CVE-2024-10543 Missing Authorization vulnerability in Tumult Hype Animations
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14.
network
low complexity
tumult CWE-862
4.3