VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-07
CVE-2024-12781
The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2.
network
low complexity
CWE-862
4.3
4.3
2025-01-07
CVE-2024-10536
The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0.
network
low complexity
CWE-862
4.3
4.3
2025-01-07
CVE-2024-12535
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4.
network
low complexity
CWE-862
8.6
8.6
2025-01-07
CVE-2024-9697
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-10527
The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7.
network
high complexity
CWE-862
3.1
3.1
2025-01-07
CVE-2024-11496
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8.
network
low complexity
CWE-862
6.5
6.5
2025-01-07
CVE-2024-12158
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-12176
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-12327
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7.
network
low complexity
CWE-862
4.3
4.3
2025-01-07
CVE-2024-12022
The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2.
network
low complexity
CWE-862
5.3
5.3
«
Previous
1
2
3
4
(current)
5
6
...
234
235
»
Next