Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-25 | CVE-2024-12826 | The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. | 4.3 |
| 2025-01-25 | CVE-2024-13368 | Missing Authorization vulnerability in Kainelabs Youzify The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. | 4.3 |
| 2025-01-25 | CVE-2024-13370 | Missing Authorization vulnerability in Kainelabs Youzify The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. | 6.5 |
| 2025-01-24 | CVE-2025-24596 | Missing Authorization vulnerability in Wcproducttable Woocommerce Product Table Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
| 2025-01-24 | CVE-2025-24753 | Missing Authorization vulnerability in Kadencewp Gutenberg Blocks With AI Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2025-01-24 | CVE-2024-13698 | Missing Authorization vulnerability in Astoundify Jobify The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. | 6.5 |
| 2025-01-24 | CVE-2024-13335 | Missing Authorization vulnerability in Templatescoder Spexo Addons for Elementor The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. | 4.3 |
| 2025-01-22 | CVE-2024-13447 | Missing Authorization vulnerability in Thimpress WP Hotel Booking The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. | 4.3 |
| 2025-01-22 | CVE-2024-13361 | Missing Authorization vulnerability in Aipower The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. | 8.8 |
| 2025-01-22 | CVE-2024-12879 | Missing Authorization vulnerability in Quantumcloud Wpot The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. | 4.3 |