Vulnerabilities > Missing Authorization

DATE | CVE | VULNERABILITY TITLE | RISK

2024-09-06 | CVE-2024-7622 | Missing Authorization vulnerability in Jetplugs Revision Manager TMC | 4.3
The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19.
network, low complexity, jetplugs, CWE-862

2024-09-06 | CVE-2024-8427 | Missing Authorization vulnerability in Wpshuffle Frontend Post Submission Manager | 4.3
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2.
network, low complexity, wpshuffle, CWE-862

2024-09-06 | CVE-2024-8480 | Missing Authorization vulnerability in Sirv | 8.8
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7.
network, low complexity, sirv, CWE-862

2024-09-05 | CVE-2024-7380 | Missing Authorization vulnerability in Infinitumform GEO Controller | 4.3
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9.
network, low complexity, infinitumform, CWE-862

2024-09-05 | CVE-2024-7381 | Missing Authorization vulnerability in Infinitumform GEO Controller | 5.3
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9.
network, low complexity, infinitumform, CWE-862

2024-09-05 | CVE-2024-7605 | Missing Authorization vulnerability in Helloasso | 4.3
The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10.
network, low complexity, helloasso, CWE-862

2024-09-05 | CVE-2024-6332 | Missing Authorization vulnerability in Tmsproducts Amelia | 6.5
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3.
network, low complexity, tmsproducts, CWE-862

2024-09-05 | CVE-2024-5309 | Missing Authorization vulnerability in Wpvibes Form Vibes | 5.4
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12.
network, low complexity, wpvibes, CWE-862

2024-09-04 | CVE-2024-8289 | Missing Authorization vulnerability in Multivendorx | 9.8 (critical)
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0.
network, low complexity, multivendorx, CWE-862

2024-09-04 | CVE-2024-8102 | Missing Authorization vulnerability in Wpextended WP Extended | 8.8
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8.
network, low complexity, wpextended, CWE-862