Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-07	CVE-2025-1084	A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql ????????? 3.9.0. network low complexity CWE-862	4.3
2025-02-06	CVE-2025-1074	A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. network low complexity CWE-862	4.3
2025-02-04	CVE-2024-13529	The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. network low complexity CWE-862	6.5
2025-02-03	CVE-2024-11133	The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. network low complexity CWE-862	5.3
2025-02-03	CVE-2024-11134	The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. network low complexity CWE-862	4.3
2025-02-01	CVE-2024-13775	The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. network low complexity CWE-862	5.4
2025-02-01	CVE-2024-12825	The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. network low complexity CWE-862	5.4
2025-02-01	CVE-2024-13371	Missing Authorization vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. network low complexity wpjobportal CWE-862	5.3
2025-02-01	CVE-2025-0939	The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. network low complexity CWE-862	6.3
2025-02-01	CVE-2024-12171	The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. network low complexity CWE-862	8.8

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization