Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-03-19 CVE-2025-2290
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1.
network
low complexity
CWE-862
5.3
2025-03-18 CVE-2025-2262
The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3.
network
low complexity
CWE-862
7.3
2025-03-15 CVE-2025-2025 Missing Authorization vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0.
network
low complexity
givewp CWE-862
7.5
2025-03-15 CVE-2024-12336 Missing Authorization vulnerability in Codexpert WC Affiliate
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3.
network
low complexity
codexpert CWE-862
6.5
2025-03-15 CVE-2025-1668 Missing Authorization vulnerability in Igexsolutions Wpschoolpress
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16.
network
low complexity
igexsolutions CWE-862
5.4
2025-03-15 CVE-2025-2267 Missing Authorization vulnerability in Wp01Ru Wp01
The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function.
network
low complexity
wp01ru CWE-862
6.5
2025-03-15 CVE-2025-1657 Missing Authorization vulnerability in Stylemixthemes Ulisting
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7.
network
low complexity
stylemixthemes CWE-862
8.8
2025-03-14 CVE-2024-12810 Missing Authorization vulnerability in Chimpgroup Jobcareer
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7.1.
network
low complexity
chimpgroup CWE-862
8.1
2025-03-14 CVE-2025-1507 Missing Authorization vulnerability in Sharethis Dashboard for Google Analytics
The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1.
network
low complexity
sharethis CWE-862
5.3
2025-03-14 CVE-2025-0952
The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4.
network
low complexity
CWE-862
8.1