VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-08
CVE-2024-11816
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11.
network
low complexity
CWE-862
8.8
8.8
2025-01-08
CVE-2024-11916
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11.
network
low complexity
CWE-862
7.4
7.4
2025-01-08
CVE-2024-12713
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-12033
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5.
network
low complexity
CWE-862
4.3
4.3
2025-01-07
CVE-2024-12316
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-12711
The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-12719
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15.
network
low complexity
CWE-862
4.3
4.3
2025-01-07
CVE-2024-10866
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-12202
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6.
network
low complexity
CWE-862
8.8
8.8
2025-01-07
CVE-2024-11725
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6.
network
low complexity
CWE-862
8.8
8.8
«
Previous
1
2
3
(current)
4
5
...
234
235
»
Next