Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-01 CVE-2024-13775 Missing Authorization vulnerability in Vanquish Woocommerce Support Ticket System
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8.
network
low complexity
vanquish CWE-862
5.4
2025-02-01 CVE-2024-12825 Missing Authorization vulnerability in Brechtvds Custom Related Posts
The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3.
network
low complexity
brechtvds CWE-862
5.4
2025-02-01 CVE-2024-13371 Missing Authorization vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6.
network
low complexity
wpjobportal CWE-862
5.3
2025-02-01 CVE-2025-0939 Missing Authorization vulnerability in Dcooperman Magicform
The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2.
network
low complexity
dcooperman CWE-862
6.3
2025-02-01 CVE-2024-12171 Missing Authorization vulnerability in Elula Wsdesk
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6.
network
low complexity
elula CWE-862
8.8
2025-02-01 CVE-2024-12184 Missing Authorization vulnerability in Cimatti Wordpress Contact Forms
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4.
network
low complexity
cimatti CWE-862
5.3
2025-02-01 CVE-2024-12620 Missing Authorization vulnerability in Creativeinteractivemedia Animategl Animations
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23.
network
low complexity
creativeinteractivemedia CWE-862
5.3
2025-02-01 CVE-2024-13343 Missing Authorization vulnerability in Vanquish Woocommerce Customers Manager
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3.
network
low complexity
vanquish CWE-862
8.8
2025-02-01 CVE-2024-13651 Missing Authorization vulnerability in Rapidload Power-Up for Autoptimize
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4.
network
low complexity
rapidload CWE-862
4.3
2025-01-31 CVE-2024-13530 The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1.
network
low complexity
CWE-862
4.3