Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2025-26372 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.1
2025-02-12 CVE-2025-26374 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
network
low complexity
q-free CWE-862
4.3
2025-02-12 CVE-2025-26375 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.8
2025-02-12 CVE-2025-26376 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.
network
low complexity
q-free CWE-862
6.5
2025-02-12 CVE-2025-26378 Missing Authorization vulnerability in Q-Free Maxtime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests.
network
low complexity
q-free CWE-862
8.8
2025-02-12 CVE-2024-12296 Missing Authorization vulnerability in Apusthemes Superio
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3.
network
low complexity
apusthemes CWE-862
8.8
2025-02-12 CVE-2024-13374 Missing Authorization vulnerability in Joomunited WP Table Manager
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3.
network
low complexity
joomunited CWE-862
6.5
2025-02-12 CVE-2024-12164 Missing Authorization vulnerability in Creativewerkdesigns Wpsyncsheets
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6.
network
low complexity
creativewerkdesigns CWE-862
4.3
2025-02-12 CVE-2024-13653 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.8
2025-02-12 CVE-2024-13654 Missing Authorization vulnerability in Mvpthemes Zoxpress
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0.
network
low complexity
mvpthemes CWE-862
8.1