Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-03-12 CVE-2025-1508 Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13.
network
low complexity
themeum CWE-862
5.3
2025-03-11 CVE-2025-28872 Missing Authorization vulnerability in Jwpegram Block Spam By Math Reloaded
Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs.
network
low complexity
jwpegram CWE-862
critical
9.8
2025-03-11 CVE-2025-23188 An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions.
network
low complexity
CWE-862
4.3
2025-03-11 CVE-2025-25244 SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to a missing authorization check.
low complexity
CWE-862
5.7
2025-03-11 CVE-2025-26655 SAP Just In Time (JIT) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application. Confidentiality and Availability are not impacted.
network
high complexity
CWE-862
3.1
2025-03-11 CVE-2025-26656 OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges.
network
low complexity
CWE-862
4.3
2025-03-11 CVE-2025-26661 Due to a missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges.
network
low complexity
CWE-862
8.8
2025-03-11 CVE-2025-27432 The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction.
low complexity
CWE-862
2.4
2025-03-08 CVE-2024-10326 Missing Authorization vulnerability in Rometheme Romethemekit for Elementor
The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3.
network
low complexity
rometheme CWE-862
4.3
2025-03-08 CVE-2025-1325 Missing Authorization vulnerability in Plechevandrey Wp-Recall
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10.
network
low complexity
plechevandrey CWE-862
6.3