VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-14
CVE-2025-3561
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0.
network
low complexity
CWE-862
4.3
4.3
2025-04-14
CVE-2025-3557
A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0.
network
low complexity
CWE-862
4.3
4.3
2025-04-10
CVE-2025-2719
The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0.
network
low complexity
CWE-862
6.5
6.5
2025-04-10
CVE-2025-3417
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5.
network
low complexity
CWE-862
8.8
8.8
2025-04-08
CVE-2025-2568
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1.
network
low complexity
CWE-862
5.3
5.3
2025-04-08
CVE-2025-2876
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0.
network
low complexity
CWE-862
5.3
5.3
2025-04-08
CVE-2025-2807
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64.
network
low complexity
CWE-862
8.8
8.8
2025-04-08
CVE-2025-3437
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66.
network
low complexity
CWE-862
4.3
4.3
2025-04-08
CVE-2025-26657
SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application.
network
low complexity
CWE-862
5.3
5.3
2025-04-08
CVE-2025-27428
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module.
network
low complexity
CWE-862
7.7
7.7
«
Previous
1
2
3
4
(current)
5
6
...
268
269
»
Next