Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-03-15 CVE-2025-2025 Missing Authorization vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0.
network
low complexity
givewp CWE-862
7.5
2025-03-15 CVE-2024-12336 Missing Authorization vulnerability in Codexpert WC Affiliate
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3.
network
low complexity
codexpert CWE-862
6.5
2025-03-15 CVE-2025-1668 Missing Authorization vulnerability in Igexsolutions Wpschoolpress
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16.
network
low complexity
igexsolutions CWE-862
5.4
2025-03-15 CVE-2025-2267 Missing Authorization vulnerability in Wp01Ru Wp01
The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function.
network
low complexity
wp01ru CWE-862
6.5
2025-03-15 CVE-2025-1657 Missing Authorization vulnerability in Stylemixthemes Ulisting
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7.
network
low complexity
stylemixthemes CWE-862
8.8
2025-03-14 CVE-2024-12810 Missing Authorization vulnerability in Chimpgroup Jobcareer
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1.
network
low complexity
chimpgroup CWE-862
8.1
2025-03-14 CVE-2025-1507 Missing Authorization vulnerability in Sharethis Dashboard for Google Analytics
The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1.
network
low complexity
sharethis CWE-862
5.3
2025-03-14 CVE-2025-0952 The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4.
network
low complexity
CWE-862
8.1
2025-03-14 CVE-2025-2103 Missing Authorization vulnerability in Irontemplates Soundrise
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11.
network
low complexity
irontemplates CWE-862
8.8
2025-03-14 CVE-2025-2289 Missing Authorization vulnerability in Zozothemes Zegen
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9.
network
low complexity
zozothemes CWE-862
8.8