Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-1072 | Missing Authorization vulnerability in Seedprod Website Builder BY Seedprod The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. | 7.5 |
| 2024-02-05 | CVE-2024-1092 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. | 4.3 |
| 2024-02-05 | CVE-2024-1121 | Missing Authorization vulnerability in Hookturn Advanced Forms for ACF The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. | 5.3 |
| 2024-02-05 | CVE-2024-1177 | Missing Authorization vulnerability in Wpclubmanager WP Club Manager The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. | 5.3 |
| 2024-02-05 | CVE-2023-4637 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. | 5.3 |
| 2024-02-05 | CVE-2023-6700 | Missing Authorization vulnerability in Cookieinformation Wp-Gdpr-Compliance The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. | 8.8 |
| 2024-02-05 | CVE-2023-6959 | Missing Authorization vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. | 4.3 |
| 2024-02-05 | CVE-2023-6985 | Missing Authorization vulnerability in 10Web AI Assistant The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. | 8.8 |
| 2024-02-05 | CVE-2024-0324 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. | 7.5 |
| 2024-02-02 | CVE-2024-1047 | Missing Authorization vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. | 5.3 |