VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-12
CVE-2024-11724
The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12201
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12018
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12172
The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21.
network
low complexity
CWE-862
7.5
7.5
2024-12-12
CVE-2024-12263
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-12265
The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17.
network
low complexity
CWE-862
5.3
5.3
2024-12-12
CVE-2024-11709
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-11443
The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2.
network
low complexity
CWE-862
8.8
8.8
2024-12-12
CVE-2024-12341
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0.
network
low complexity
CWE-862
4.3
4.3
2024-12-12
CVE-2024-54466
Missing Authorization vulnerability in Apple Macos
An authorization issue was addressed with improved state management.
network
low complexity
apple
CWE-862
5.3
5.3
«
Previous
1
2
...
5
6
7
(current)
8
9
...
234
235
»
Next