Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-15 | CVE-2025-2025 | Missing Authorization vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. | 7.5 |
2025-03-15 | CVE-2024-12336 | Missing Authorization vulnerability in Codexpert WC Affiliate The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. | 6.5 |
2025-03-15 | CVE-2025-1668 | Missing Authorization vulnerability in Igexsolutions Wpschoolpress The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. | 5.4 |
2025-03-15 | CVE-2025-2267 | Missing Authorization vulnerability in Wp01Ru Wp01 The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. | 6.5 |
2025-03-15 | CVE-2025-1657 | Missing Authorization vulnerability in Stylemixthemes Ulisting The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. | 8.8 |
2025-03-14 | CVE-2024-12810 | Missing Authorization vulnerability in Chimpgroup Jobcareer The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. | 8.1 |
2025-03-14 | CVE-2025-1507 | Missing Authorization vulnerability in Sharethis Dashboard for Google Analytics The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. | 5.3 |
2025-03-14 | CVE-2025-0952 | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. | 8.1 |
2025-03-14 | CVE-2025-2103 | Missing Authorization vulnerability in Irontemplates Soundrise The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. | 8.8 |
2025-03-14 | CVE-2025-2289 | Missing Authorization vulnerability in Zozothemes Zegen The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. | 8.8 |