Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-19 | CVE-2024-13231 | Missing Authorization vulnerability in Portfoliohub The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. | 5.3 |
| 2025-02-19 | CVE-2024-13364 | Missing Authorization vulnerability in Raptive ADS The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. | 5.3 |
| 2025-02-19 | CVE-2024-13468 | The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. | 7.5 |
| 2025-02-19 | CVE-2024-13719 | Missing Authorization vulnerability in Pepro Peprodev Ultimate Invoice The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. | 5.3 |
| 2025-02-18 | CVE-2024-13783 | Missing Authorization vulnerability in Ncrafts Formcraft The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. | 4.3 |
| 2025-02-18 | CVE-2024-13316 | Missing Authorization vulnerability in Akashmalik Scracth & WIN The Scratch & Win – Giveaways and Contests. | 5.3 |
| 2025-02-18 | CVE-2024-13677 | Missing Authorization vulnerability in Istmoplugins GET Bookings WP The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. | 8.8 |
| 2025-02-18 | CVE-2024-13687 | Missing Authorization vulnerability in Webdevocean Team Builder The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. | 4.3 |
| 2025-02-15 | CVE-2024-13439 | Missing Authorization vulnerability in Techlabpro Team The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. | 4.3 |
| 2025-02-15 | CVE-2024-13752 | Missing Authorization vulnerability in Wedevs WP Project Manager The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. | 6.5 |