Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-21 | CVE-2024-3961 | Missing Authorization vulnerability in Convertkit - Email Marketing, Email Newsletter and Landing Pages The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. | 5.3 |
| 2024-06-21 | CVE-2024-1955 | Missing Authorization vulnerability in Wprepublic Hide Dashboard Notifications The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. | 4.3 |
| 2024-06-21 | CVE-2024-3610 | Missing Authorization vulnerability in Wensolutions WP Child Theme Generator The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. | 5.3 |
| 2024-06-20 | CVE-2023-3204 | Missing Authorization vulnerability in Extendthemes Materialis The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. | 6.5 |
| 2024-06-20 | CVE-2024-3602 | Missing Authorization vulnerability in Promolayer Popup Builder The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. | 4.3 |
| 2024-06-20 | CVE-2024-3627 | Missing Authorization vulnerability in Kraftplugins Wheel of Life The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. | 5.4 |
| 2024-06-19 | CVE-2022-45832 | Missing Authorization vulnerability in Hennessey Attorney Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3. | 9.8 |
| 2024-06-19 | CVE-2023-36515 | Missing Authorization vulnerability in Thimpress Learnpress Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. | 9.8 |
| 2024-06-19 | CVE-2023-36516 | Missing Authorization vulnerability in Thimpress Learnpress Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. | 8.8 |
| 2024-06-19 | CVE-2023-38393 | Missing Authorization vulnerability in Ninjaforms Ninja Forms Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25. | 8.8 |