Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-24 | CVE-2024-13698 | Missing Authorization vulnerability in Astoundify Jobify The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. | 6.5 |
| 2025-01-24 | CVE-2024-13335 | Missing Authorization vulnerability in Templatescoder Spexo Addons for Elementor The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. | 4.3 |
| 2025-01-22 | CVE-2024-13447 | Missing Authorization vulnerability in Thimpress WP Hotel Booking The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. | 4.3 |
| 2025-01-22 | CVE-2024-13361 | Missing Authorization vulnerability in Aipower The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. | 8.8 |
| 2025-01-22 | CVE-2024-12879 | Missing Authorization vulnerability in Quantumcloud Wpot The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. | 4.3 |
| 2025-01-21 | CVE-2025-24461 | Missing Authorization vulnerability in Jetbrains Teamcity 2024.12.1 In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint | 6.5 |
| 2025-01-21 | CVE-2024-12104 | Missing Authorization vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. | 7.5 |
| 2025-01-18 | CVE-2025-0515 | The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions up to, and including, 2.0.4. | 4.3 |
| 2025-01-18 | CVE-2024-12071 | Missing Authorization vulnerability in Evergreencontentposter Evergreen Content Poster The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. | 5.3 |
| 2025-01-18 | CVE-2018-9406 | Missing Authorization vulnerability in Google Android In NlpService, there is a possible way to obtain location information due to a missing permission check. | 5.5 |