Vulnerabilities > Missing Authorization

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-06 | CVE-2025-2042 | A vulnerability has been found in huang-yk student-manage 1.0 and classified as problematic. | network, low complexity, CWE-862, 4.3 |
| 2025-03-06 | CVE-2025-1666 | The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. | network, low complexity, CWE-862, 4.3 |
| 2025-03-05 | CVE-2024-13423 | The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. | network, low complexity, CWE-862, 5.3 |
| 2025-03-05 | CVE-2024-13232 | The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable to arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. | network, low complexity, CWE-862, 8.8 |
| 2025-03-05 | CVE-2024-13747 | The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. | network, low complexity, CWE-862, 4.3 |
| 2025-03-05 | CVE-2024-13780 | The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5. | network, low complexity, CWE-862, 6.5 |
| 2025-03-05 | CVE-2024-13810 | The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. | network, low complexity, CWE-862, 4.3 |
| 2025-03-05 | CVE-2024-13811 | The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX actions in all versions up to, and including, 4.5.7. | network, low complexity, CWE-862, 4.3 |
| 2025-03-05 | CVE-2025-0954 | The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4. | network, low complexity, CWE-862, 6.5 |
| 2025-03-05 | CVE-2024-8682 | The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. | network, low complexity, CWE-862, 5.3 |