Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-07 | CVE-2025-2821 | The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. | 5.3 |
| 2025-05-06 | CVE-2025-0856 | The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. | 7.3 |
| 2025-05-05 | CVE-2025-4282 | Missing Authorization vulnerability in Oretnom23 Stock Management System 1.0 A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. | 8.8 |
| 2025-05-02 | CVE-2024-13419 | Missing Authorization vulnerability in G5Plus products Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. | 5.4 |
| 2025-05-02 | CVE-2025-1326 | Missing Authorization vulnerability in Favethemes Homey The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. | 4.3 |
| 2025-05-02 | CVE-2025-3746 | The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. | 9.8 |
| 2025-05-02 | CVE-2025-4177 | Missing Authorization vulnerability in Flynax Bridge The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. | 5.3 |
| 2025-05-01 | CVE-2025-3952 | Missing Authorization vulnerability in Projectopia The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. | 8.1 |
| 2025-05-01 | CVE-2025-1304 | Missing Authorization vulnerability in Spicethemes Newsblogger The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. | 8.8 |
| 2025-05-01 | CVE-2025-2816 | Missing Authorization vulnerability in A3Rev Page View Count The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. | 8.1 |