VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-02-12
CVE-2024-13654
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0.
network
low complexity
CWE-862
8.1
8.1
2025-02-12
CVE-2024-13656
The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0.
network
low complexity
CWE-862
8.1
8.1
2025-02-12
CVE-2024-13769
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up to, and including, 4.2.4.
network
low complexity
CWE-862
6.4
6.4
2025-02-12
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30.
network
low complexity
CWE-862
8.1
8.1
2025-02-12
CVE-2024-13541
The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3.
network
low complexity
CWE-862
4.3
4.3
2025-02-12
CVE-2024-13554
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13.
network
low complexity
CWE-862
5.3
5.3
2025-02-11
CVE-2024-13643
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification.
network
low complexity
CWE-862
8.8
8.8
2025-02-11
CVE-2025-23189
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data.
network
low complexity
CWE-862
4.3
4.3
2025-02-11
CVE-2025-23190
Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to.
network
low complexity
CWE-862
4.3
4.3
2025-02-07
CVE-2025-25167
Missing Authorization vulnerability in Blackandwhitedigital Bookpress 1.2.7
Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
blackandwhitedigital
CWE-862
critical
9.8
9.8
«
Previous
1
2
3
(current)
4
5
...
246
247
»
Next