Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-21 | CVE-2024-12558 | The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. | network, low complexity, CWE-862, 6.5 |
| 2024-12-20 | CVE-2024-56349 | Missing Authorization vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs. | network, low complexity, jetbrains CWE-862, 5.3 |
| 2024-12-19 | CVE-2024-12331 | The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. | network, low complexity, CWE-862, 4.3 |
| 2024-12-18 | CVE-2024-11926 | The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. | network, low complexity, CWE-862, 6.5 |
| 2024-12-18 | CVE-2024-12259 | The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. | network, low complexity, CWE-862, 8.8 |
| 2024-12-18 | CVE-2024-12596 | The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. | network, low complexity, CWE-862, 4.3 |
| 2024-12-14 | CVE-2024-11715 | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. | network, high complexity, CWE-862, 4.8 |
| 2024-12-13 | CVE-2024-10783 | The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. | network, high complexity, CWE-862, 8.1 |
| 2024-12-13 | CVE-2024-11911 | The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. | network, low complexity, CWE-862, 4.3 |
| 2024-12-13 | CVE-2024-12300 | The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. | network, high complexity, CWE-862, 3.7 |