Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-03-08 CVE-2025-1325 Missing Authorization vulnerability in Plechevandrey Wp-Recall
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10.
network
low complexity
plechevandrey CWE-862
6.3
2025-03-08 CVE-2024-13816 Missing Authorization vulnerability in Coderevolution Aiomatic
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 2.3.6.
network
low complexity
coderevolution CWE-862
5.4
2025-03-08 CVE-2025-1481 Missing Authorization vulnerability in Jozoor Shortcode Cleaner Lite
The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9.
network
low complexity
jozoor CWE-862
4.3
2025-03-08 CVE-2025-1504 Missing Authorization vulnerability in Andypalmer Post Lockdown
The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient restrictions on which posts can be included.
network
low complexity
andypalmer CWE-862
6.5
2025-03-07 CVE-2024-12610 The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0.
network
low complexity
CWE-862
5.3
2025-03-07 CVE-2024-12611 The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-862
5.3
2025-03-07 CVE-2024-12876 Missing Authorization vulnerability in Uxper Golo
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10.
network
low complexity
uxper CWE-862
critical
9.8
2025-03-07 CVE-2025-1309 The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04.
network
low complexity
CWE-862
8.8
2025-03-07 CVE-2024-13655 The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2.
network
low complexity
CWE-862
8.1
2025-03-07 CVE-2024-13526 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3.
network
low complexity
CWE-862
4.3