Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-18 CVE-2024-13687 The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3.
network
low complexity
CWE-862
4.3
4.3
2025-02-15 CVE-2024-13439 The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9.
network
low complexity
CWE-862
4.3
4.3
2025-02-15 CVE-2024-13752 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17.
network
low complexity
CWE-862
6.5
6.5
2025-02-15 CVE-2025-0935 The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0.
network
low complexity
CWE-862
4.3
4.3
2025-02-15 CVE-2024-13513 The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality.
network
low complexity
CWE-862
critical
 9.8
9.8
2025-02-13 CVE-2024-13639 Missing Authorization vulnerability in Edmonsoft Read More & Accordion
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2.
network
low complexity
edmonsoft CWE-862
4.3
4.3
2025-02-12 CVE-2024-12296 Missing Authorization vulnerability in Apusthemes Superio
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3.
network
low complexity
apusthemes CWE-862
8.8
8.8
2025-02-12 CVE-2024-13374 The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3.
network
low complexity
CWE-862
4.3
4.3
2025-02-12 CVE-2024-12164 The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6.
network
low complexity
CWE-862
4.3
4.3
2025-02-12 CVE-2024-13653 The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0.
network
low complexity
CWE-862
8.8
8.8