Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-01 CVE-2024-12184 The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4.
network
low complexity
CWE-862
5.3
5.3
2025-02-01 CVE-2024-12620 The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23.
network
low complexity
CWE-862
5.3
5.3
2025-02-01 CVE-2024-13651 The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4.
network
low complexity
CWE-862
4.3
4.3
2025-01-31 CVE-2024-13530 The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1.
network
low complexity
CWE-862
4.3
4.3
2025-01-31 CVE-2024-13415 The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 5.1.4.
network
low complexity
CWE-862
4.3
4.3
2025-01-31 CVE-2024-13424 The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4.
network
low complexity
CWE-862
4.3
4.3
2025-01-31 CVE-2024-13717 The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1.
network
low complexity
CWE-862
4.3
4.3
2025-01-31 CVE-2024-13767 The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11.
network
low complexity
CWE-862
8.1
8.1
2025-01-30 CVE-2024-10591 Missing Authorization vulnerability in Makewebbetter Hubspot for Woocommerce
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9.
network
low complexity
makewebbetter CWE-862
8.8
8.8
2025-01-30 CVE-2024-11583 Missing Authorization vulnerability in Visualmodo Borderless
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9.
network
low complexity
visualmodo CWE-862
4.3
4.3