Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2025-03-26 | CVE-2024-13801 | The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. | network | low | | CWE-862 | 8.1 |
| 2025-03-26 | CVE-2025-2276 | The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. | network | low | | CWE-862 | 4.3 |
| 2025-03-25 | CVE-2025-2224 | The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. | network | low | | CWE-862 | 5.3 |
| 2025-03-22 | CVE-2025-1408 | Missing Authorization vulnerability in Metagauss Profilegrid. The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. | network | low | metagauss | CWE-862 | 4.3 |
| 2025-03-22 | CVE-2024-13737 | Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing. The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. | network | low | stylemixthemes | CWE-862 | 4.3 |
| 2025-03-21 | CVE-2025-2589 | Missing Authorization vulnerability in Code-Projects Human Resource Management 1.0.1. A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. | network | low | code-projects | CWE-862 | 9.8 (critical) |
| 2025-03-20 | CVE-2025-1766 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. | network | low | | CWE-862 | 5.3 |
| 2025-03-19 | CVE-2024-12920 | The FoodBakery \| Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. | network | low | | CWE-862 | 8.8 |
| 2025-03-19 | CVE-2024-13412 | The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. | network | low | | CWE-862 | 7.5 |
| 2025-03-19 | CVE-2024-12922 | The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. | network | low | | CWE-862 | 9.8 (critical) |