Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-31 | CVE-2024-13767 | The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. | 8.1 |
| 2025-01-30 | CVE-2024-10591 | Missing Authorization vulnerability in Makewebbetter Hubspot for Woocommerce The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9. | 8.8 |
| 2025-01-30 | CVE-2024-11583 | Missing Authorization vulnerability in Visualmodo Borderless The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. | 4.3 |
| 2025-01-30 | CVE-2024-12129 | Missing Authorization vulnerability in Wp-Royal-Themes Royal Core The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9.2. | 8.8 |
| 2025-01-30 | CVE-2024-12269 | Missing Authorization vulnerability in Wpmessiah Safe AI Malware Protection for WP The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. | 7.5 |
| 2025-01-30 | CVE-2024-12821 | Missing Authorization vulnerability in Userproplugin Media Manager The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0. | 6.5 |
| 2025-01-30 | CVE-2024-12822 | Missing Authorization vulnerability in Userproplugin Media Manager The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. | 9.8 |
| 2025-01-30 | CVE-2024-13652 | Missing Authorization vulnerability in Ecpay Ecommerce for Woocommerce The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. | 4.3 |
| 2025-01-30 | CVE-2024-13715 | Missing Authorization vulnerability in Ikjweb Zstore Manager Basic The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. | 4.3 |
| 2025-01-26 | CVE-2024-11936 | Missing Authorization vulnerability in Mvpthemes ZOX News The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. | 8.8 |