VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-06
CVE-2025-2042
A vulnerability has been found in huang-yk student-manage 1.0 and classified as problematic.
network
low complexity
CWE-862
4.3
4.3
2025-03-06
CVE-2025-1666
The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1.
network
low complexity
CWE-862
4.3
4.3
2025-03-05
CVE-2024-13423
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9.
network
low complexity
CWE-862
5.3
5.3
2025-03-05
CVE-2024-13232
The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1.
network
low complexity
CWE-862
8.8
8.8
2025-03-05
CVE-2024-13747
The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34.
network
low complexity
CWE-862
4.3
4.3
2025-03-05
CVE-2024-13780
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5.
network
low complexity
CWE-862
6.5
6.5
2025-03-05
CVE-2024-13810
The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10.
network
low complexity
CWE-862
4.3
4.3
2025-03-05
CVE-2024-13811
The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX actions in all versions up to, and including, 4.5.7.
network
low complexity
CWE-862
4.3
4.3
2025-03-05
CVE-2025-0954
The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4.
network
low complexity
CWE-862
6.5
6.5
2025-03-05
CVE-2024-8682
The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6.
network
low complexity
CWE-862
5.3
5.3
«
Previous
1
2
...
5
6
7
(current)
8
9
...
261
262
»
Next