Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-07	CVE-2024-12535	The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. network low complexity CWE-862	8.6
2025-01-07	CVE-2024-9697	Missing Authorization vulnerability in Wpsocialrocket Social Rocket The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. network low complexity wpsocialrocket CWE-862	5.3
2025-01-07	CVE-2024-10527	The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. network high complexity CWE-862	3.1
2025-01-07	CVE-2024-11496	The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. network low complexity CWE-862	6.5
2025-01-07	CVE-2024-12158	The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12176	The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12327	The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. network low complexity CWE-862	4.3
2025-01-07	CVE-2024-12022	The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12559	The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. network low complexity CWE-862	5.3
2025-01-02	CVE-2023-23672	Missing Authorization vulnerability in Givewp Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1. network low complexity givewp CWE-862	5.4

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization