Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-13	CVE-2025-2104	The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. network low complexity CWE-862	4.3
2025-03-13	CVE-2024-13703	The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. network low complexity CWE-862	4.3
2025-03-12	CVE-2025-1508	Missing Authorization vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. network low complexity themeum CWE-862	5.3
2025-03-11	CVE-2025-23188	An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. network low complexity CWE-862	4.3
2025-03-11	CVE-2025-25244	SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. low complexity CWE-862	5.7
2025-03-11	CVE-2025-26655	SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. network high complexity CWE-862	3.1
2025-03-11	CVE-2025-26656	OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. network low complexity CWE-862	4.3
2025-03-11	CVE-2025-26661	Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. network low complexity CWE-862	8.8
2025-03-11	CVE-2025-27432	The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. low complexity CWE-862	2.4
2025-03-08	CVE-2024-10326	Missing Authorization vulnerability in Rometheme Romethemekit for Elementor The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. network low complexity rometheme CWE-862	4.3

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization