Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-19 | CVE-2025-2290 | The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. | 5.3 |
| 2025-03-18 | CVE-2025-2262 | The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. | 7.3 |
| 2025-03-15 | CVE-2025-2025 | Missing Authorization vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. | 7.5 |
| 2025-03-15 | CVE-2024-12336 | Missing Authorization vulnerability in Codexpert WC Affiliate The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. | 6.5 |
| 2025-03-15 | CVE-2025-1668 | Missing Authorization vulnerability in Igexsolutions Wpschoolpress The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. | 5.4 |
| 2025-03-15 | CVE-2025-2267 | Missing Authorization vulnerability in Wp01Ru Wp01 The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. | 6.5 |
| 2025-03-15 | CVE-2025-1657 | Missing Authorization vulnerability in Stylemixthemes Ulisting The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. | 8.8 |
| 2025-03-14 | CVE-2024-12810 | Missing Authorization vulnerability in Chimpgroup Jobcareer The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. | 8.1 |
| 2025-03-14 | CVE-2025-1507 | Missing Authorization vulnerability in Sharethis Dashboard for Google Analytics The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. | 5.3 |
| 2025-03-14 | CVE-2025-0952 | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. | 8.1 |