Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-31 | CVE-2024-13424 | The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4. | 4.3 |
| 2025-01-31 | CVE-2024-13717 | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. | 4.3 |
| 2025-01-31 | CVE-2024-13767 | The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. | 8.1 |
| 2025-01-30 | CVE-2024-10591 | Missing Authorization vulnerability in Makewebbetter Hubspot for Woocommerce The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9. | 8.8 |
| 2025-01-30 | CVE-2024-11583 | Missing Authorization vulnerability in Visualmodo Borderless The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. | 4.3 |
| 2025-01-30 | CVE-2024-12129 | Missing Authorization vulnerability in Wp-Royal-Themes Royal Core The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9.2. | 8.8 |
| 2025-01-30 | CVE-2024-12269 | Missing Authorization vulnerability in Wpmessiah Safe AI Malware Protection for WP The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. | 7.5 |
| 2025-01-30 | CVE-2024-12821 | Missing Authorization vulnerability in Userproplugin Media Manager The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0. | 6.5 |
| 2025-01-30 | CVE-2024-12822 | Missing Authorization vulnerability in Userproplugin Media Manager The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. | 9.8 |
| 2025-01-30 | CVE-2024-13652 | Missing Authorization vulnerability in Ecpay Ecommerce for Woocommerce The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. | 4.3 |