Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-27437 A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP.
network
low complexity
CWE-862
4.3
2025-04-08 CVE-2025-30017 Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1.
local
low complexity
CWE-862
4.4
2025-04-05 CVE-2024-13776 The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91.
network
low complexity
CWE-862
8.1
2025-04-05 CVE-2025-1233 The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0.
network
low complexity
CWE-862
4.3
2025-04-05 CVE-2025-2789 The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19.
network
low complexity
CWE-862
5.3
2025-04-05 CVE-2025-2933 The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6.
network
low complexity
CWE-862
8.8
2025-04-04 CVE-2025-3257 A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0.
network
low complexity
CWE-862
4.3
2025-04-04 CVE-2025-32220 Missing Authorization vulnerability in Salonbookingsystem Salon Booking System
Missing Authorization vulnerability in Dimitri Grassi Salon booking system allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
salonbookingsystem CWE-862
8.8
2025-04-04 CVE-2025-2075 The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2.
network
low complexity
CWE-862
8.8
2025-04-03 CVE-2025-3150 A vulnerability was found in itning Student Homework Management System up to 1.2.7.
network
low complexity
CWE-862
4.3