VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-09
CVE-2024-12616
The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3.
network
low complexity
CWE-862
4.3
4.3
2025-01-09
CVE-2024-12618
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14.
network
low complexity
CWE-862
4.3
4.3
2025-01-09
CVE-2024-12848
The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6.
network
low complexity
CWE-862
8.8
8.8
2025-01-09
CVE-2024-5769
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2.
network
low complexity
CWE-862
4.3
4.3
2025-01-09
CVE-2024-6155
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files.
network
low complexity
CWE-862
6.4
6.4
2025-01-08
CVE-2024-11423
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons.
network
low complexity
CWE-862
7.5
7.5
2025-01-08
CVE-2024-12712
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8.
network
low complexity
CWE-862
5.3
5.3
2025-01-08
CVE-2024-12855
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7.
network
low complexity
CWE-862
4.3
4.3
2025-01-08
CVE-2024-11270
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24.
network
low complexity
CWE-862
8.8
8.8
2025-01-08
CVE-2024-11271
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24.
network
low complexity
CWE-862
8.8
8.8
«
Previous
1
2
(current)
3
4
5
...
234
235
»
Next