Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-09-06 | CVE-2024-8480 | Missing Authorization vulnerability in Sirv | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. | network | low complexity | sirv | CWE-862 | 8.8 |
| 2024-09-05 | CVE-2024-7380 | Missing Authorization vulnerability in Infinitumform GEO Controller | The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. | network | low complexity | infinitumform | CWE-862 | 4.3 |
| 2024-09-05 | CVE-2024-7381 | Missing Authorization vulnerability in Infinitumform GEO Controller | The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. | network | low complexity | infinitumform | CWE-862 | 5.3 |
| 2024-09-05 | CVE-2024-7605 | Missing Authorization vulnerability in Helloasso | The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. | network | low complexity | helloasso | CWE-862 | 4.3 |
| 2024-09-05 | CVE-2024-6332 | Missing Authorization vulnerability in Tmsproducts Amelia | The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. | network | low complexity | tmsproducts | CWE-862 | 6.5 |
| 2024-09-05 | CVE-2024-5309 | Missing Authorization vulnerability in Wpvibes Form Vibes | The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. | network | low complexity | wpvibes | CWE-862 | 5.4 |
| 2024-09-04 | CVE-2024-8289 | Missing Authorization vulnerability in Multivendorx | The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. | network | low complexity | multivendorx | CWE-862 | 9.8 (critical) |
| 2024-09-04 | CVE-2024-8102 | Missing Authorization vulnerability in Wpextended WP Extended | The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. | network | low complexity | wpextended | CWE-862 | 8.8 |
| 2024-09-04 | CVE-2024-8121 | Missing Authorization vulnerability in Wpextended WP Extended | The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. | network | low complexity | wpextended | CWE-862 | 4.3 |
| 2024-09-04 | CVE-2024-7950 | Missing Authorization vulnerability in Wpjobportal WP JOB Portal | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. | network | low complexity | wpjobportal | CWE-862 | 9.8 (critical) |