Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-04-14 CVE-2025-3557 A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0.
network
low complexity
CWE-862
4.3
2025-04-10 CVE-2025-2719 The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0.
network
low complexity
CWE-862
6.5
2025-04-10 CVE-2025-3417 The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5.
network
low complexity
CWE-862
8.8
2025-04-08 CVE-2025-2568 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1.
network
low complexity
CWE-862
5.3
2025-04-08 CVE-2025-2876 The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0.
network
low complexity
CWE-862
5.3
2025-04-08 CVE-2025-2807 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64.
network
low complexity
CWE-862
8.8
2025-04-08 CVE-2025-3437 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66.
network
low complexity
CWE-862
4.3
2025-04-08 CVE-2025-26657 SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application.
network
low complexity
CWE-862
5.3
2025-04-08 CVE-2025-27428 Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module.
network
low complexity
CWE-862
7.7
2025-04-08 CVE-2025-27435 Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce.
network
high complexity
CWE-862
4.2