Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-04 | CVE-2024-13529 | The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. | 6.5 |
| 2025-02-03 | CVE-2024-11133 | Missing Authorization vulnerability in Imithemes Eventer The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. | 5.3 |
| 2025-02-03 | CVE-2024-11134 | Missing Authorization vulnerability in Imithemes Eventer The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. | 6.5 |
| 2025-02-01 | CVE-2024-13775 | Missing Authorization vulnerability in Vanquish Woocommerce Support Ticket System The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. | 5.4 |
| 2025-02-01 | CVE-2024-12825 | Missing Authorization vulnerability in Brechtvds Custom Related Posts The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. | 5.4 |
| 2025-02-01 | CVE-2024-13371 | Missing Authorization vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. | 5.3 |
| 2025-02-01 | CVE-2025-0939 | Missing Authorization vulnerability in Dcooperman Magicform The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. | 6.3 |
| 2025-02-01 | CVE-2024-12171 | Missing Authorization vulnerability in Elula Wsdesk The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. | 8.8 |
| 2025-02-01 | CVE-2024-12184 | Missing Authorization vulnerability in Cimatti Wordpress Contact Forms The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. | 5.3 |
| 2025-02-01 | CVE-2024-12620 | Missing Authorization vulnerability in Creativeinteractivemedia Animategl Animations The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. | 5.3 |