Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2021-4447 | The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. | 8.8 |
| 2024-10-16 | CVE-2021-4448 | Missing Authorization vulnerability in Kaswara Project Kaswara 3.0.1 The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. | 9.8 |
| 2024-10-16 | CVE-2022-4972 | Missing Authorization vulnerability in Wpchill Download Monitor The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. | 7.5 |
| 2024-10-16 | CVE-2022-4974 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. | 6.3 |
| 2024-10-16 | CVE-2023-7287 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. | 5.4 |
| 2024-10-16 | CVE-2023-7288 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. | 4.3 |
| 2024-10-16 | CVE-2023-7289 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. | 4.3 |
| 2024-10-16 | CVE-2023-7290 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. | 4.3 |
| 2024-10-16 | CVE-2023-7291 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. | 8.1 |
| 2024-10-16 | CVE-2023-7292 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. | 4.3 |