Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-03-13 CVE-2025-2104 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8.
network
low complexity
CWE-862
4.3
2025-03-13 CVE-2024-13703 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1.
network
low complexity
CWE-862
4.3
2025-03-12 CVE-2025-1508 Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13.
network
low complexity
themeum CWE-862
5.3
2025-03-11 CVE-2025-23188 An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions.
network
low complexity
CWE-862
4.3
2025-03-11 CVE-2025-25244 SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check.
low complexity
CWE-862
5.7
2025-03-11 CVE-2025-26655 SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted.
network
high complexity
CWE-862
3.1
2025-03-11 CVE-2025-26656 OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges.
network
low complexity
CWE-862
4.3
2025-03-11 CVE-2025-26661 Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges.
network
low complexity
CWE-862
8.8
2025-03-11 CVE-2025-27432 The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction.
low complexity
CWE-862
2.4
2025-03-08 CVE-2024-10326 Missing Authorization vulnerability in Rometheme Romethemekit for Elementor
The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3.
network
low complexity
rometheme CWE-862
4.3