Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-10003 | Missing Authorization vulnerability in Roveridx Rover IDX The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. | 6.3 |
| 2024-10-21 | CVE-2024-49367 | Missing Authorization vulnerability in Nginxui Nginx UI Nginx UI is a web user interface for the Nginx web server. | 7.5 |
| 2024-10-21 | CVE-2024-49273 | Missing Authorization vulnerability in Metagauss Profilegrid Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3. | 6.5 |
| 2024-10-21 | CVE-2024-49293 | Missing Authorization vulnerability in Rextheme WP VR Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4. | 5.4 |
| 2024-10-21 | CVE-2024-49321 | Missing Authorization vulnerability in Colorlib Simple Custom Post Order Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through 2.5.7. | 4.3 |
| 2024-10-20 | CVE-2024-49325 | Missing Authorization vulnerability in Wpdiscover Photo Gallery Builder Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. | 8.8 |
| 2024-10-18 | CVE-2024-10078 | Missing Authorization vulnerability in Newsignature WP Easy Post Types The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. | 5.4 |
| 2024-10-18 | CVE-2024-9361 | Missing Authorization vulnerability in Giuliopanda Bulk Images Optimizer The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. | 4.3 |
| 2024-10-18 | CVE-2024-9364 | Missing Authorization vulnerability in Smackcoders Sendgrid The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. | 4.3 |
| 2024-10-16 | CVE-2020-36840 | Missing Authorization vulnerability in Motopress Timetable and Event Schedule The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. | 9.8 |