Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-12 | CVE-2024-13656 | Missing Authorization vulnerability in Mvpthemes Click MAG The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0. | 8.1 |
2025-02-12 | CVE-2024-13800 | Missing Authorization vulnerability in Convertplug Convertplus The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. | 8.1 |
2025-02-12 | CVE-2024-13541 | Missing Authorization vulnerability in Adirectory The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. | 5.4 |
2025-02-12 | CVE-2024-13554 | Missing Authorization vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. | 5.3 |
2025-02-11 | CVE-2024-13643 | The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. | 8.8 |
2025-02-11 | CVE-2025-23189 | Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. | 4.3 |
2025-02-11 | CVE-2025-23190 | Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. | 4.3 |
2025-02-07 | CVE-2025-25167 | Missing Authorization vulnerability in Blackandwhitedigital Bookpress 1.2.7 Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
2025-02-07 | CVE-2025-1084 | A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql ????????? 3.9.0. | 4.3 |
2025-02-06 | CVE-2025-1074 | A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. | 4.3 |