Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-01-31 CVE-2024-13767 The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11.
network
low complexity
CWE-862
8.1
2025-01-30 CVE-2024-10591 Missing Authorization vulnerability in Makewebbetter Hubspot for Woocommerce
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9.
network
low complexity
makewebbetter CWE-862
8.8
2025-01-30 CVE-2024-11583 Missing Authorization vulnerability in Visualmodo Borderless
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9.
network
low complexity
visualmodo CWE-862
4.3
2025-01-30 CVE-2024-12129 Missing Authorization vulnerability in Wp-Royal-Themes Royal Core
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9.2.
network
low complexity
wp-royal-themes CWE-862
8.8
2025-01-30 CVE-2024-12269 Missing Authorization vulnerability in Wpmessiah Safe AI Malware Protection for WP
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17.
network
low complexity
wpmessiah CWE-862
7.5
2025-01-30 CVE-2024-12821 Missing Authorization vulnerability in Userproplugin Media Manager
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0.
network
low complexity
userproplugin CWE-862
6.5
2025-01-30 CVE-2024-12822 Missing Authorization vulnerability in Userproplugin Media Manager
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0.
network
low complexity
userproplugin CWE-862
critical
9.8
2025-01-30 CVE-2024-13652 Missing Authorization vulnerability in Ecpay Ecommerce for Woocommerce
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060.
network
low complexity
ecpay CWE-862
4.3
2025-01-30 CVE-2024-13715 Missing Authorization vulnerability in Ikjweb Zstore Manager Basic
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311.
network
low complexity
ikjweb CWE-862
4.3
2025-01-26 CVE-2024-11936 Missing Authorization vulnerability in Mvpthemes ZOX News
The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0.
network
low complexity
mvpthemes CWE-862
8.8