Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-01 | CVE-2024-13775 | Missing Authorization vulnerability in Vanquish Woocommerce Support Ticket System The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. | 5.4 |
| 2025-02-01 | CVE-2024-12825 | Missing Authorization vulnerability in Brechtvds Custom Related Posts The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. | 5.4 |
| 2025-02-01 | CVE-2024-13371 | Missing Authorization vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. | 5.3 |
| 2025-02-01 | CVE-2025-0939 | Missing Authorization vulnerability in Dcooperman Magicform The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. | 6.3 |
| 2025-02-01 | CVE-2024-12171 | Missing Authorization vulnerability in Elula Wsdesk The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. | 8.8 |
| 2025-02-01 | CVE-2024-12184 | Missing Authorization vulnerability in Cimatti Wordpress Contact Forms The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. | 5.3 |
| 2025-02-01 | CVE-2024-12620 | Missing Authorization vulnerability in Creativeinteractivemedia Animategl Animations The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. | 5.3 |
| 2025-02-01 | CVE-2024-13343 | Missing Authorization vulnerability in Vanquish Woocommerce Customers Manager The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. | 8.8 |
| 2025-02-01 | CVE-2024-13651 | Missing Authorization vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. | 4.3 |
| 2025-01-31 | CVE-2024-13530 | The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1. | 4.3 |