Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-03-14 CVE-2025-2103 Missing Authorization vulnerability in Irontemplates Soundrise
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ironMusic_ajax() function in all versions up to, and including, 1.6.11.
network
low complexity
irontemplates CWE-862
8.8
2025-03-14 CVE-2025-2289 Missing Authorization vulnerability in Zozothemes Zegen
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9.
network
low complexity
zozothemes CWE-862
8.8
2025-03-14 CVE-2025-0955 The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5.
network
low complexity
CWE-862
5.3
2025-03-14 CVE-2025-1285 The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6.
network
low complexity
CWE-862
5.3
2025-03-14 CVE-2025-1528 The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19.
network
low complexity
CWE-862
4.3
2025-03-13 CVE-2025-24974 Missing Authorization vulnerability in Dataease
DataEase is an open source business intelligence and data visualization tool.
network
low complexity
dataease CWE-862
6.5
2025-03-13 CVE-2025-2104 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8.
network
low complexity
CWE-862
4.3
2025-03-13 CVE-2024-13703 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1.
network
low complexity
CWE-862
4.3
2025-03-12 CVE-2025-1508 Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13.
network
low complexity
themeum CWE-862
5.3
2025-03-11 CVE-2025-28872 Missing Authorization vulnerability in Jwpegram Block Spam By Math Reloaded
Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs.
network
low complexity
jwpegram CWE-862
critical
9.8