| 2025-01-21 | CVE-2025-24461 | Missing Authorization vulnerability in Jetbrains Teamcity 2024.12.1
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint | 6.5 |
| 2025-01-21 | CVE-2024-12104 | Missing Authorization vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. | 7.5 |
| 2025-01-18 | CVE-2025-0515 | The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions up to, and including, 2.0.4. | 4.3 |
| 2025-01-18 | CVE-2024-12071 | The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. | 5.3 |
| 2025-01-18 | CVE-2018-9406 | Missing Authorization vulnerability in Google Android
In NlpService, there is a possible way to obtain location information due to a missing permission check. | 5.5 |
| 2025-01-17 | CVE-2024-12370 | Missing Authorization vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. | 5.3 |
| 2025-01-17 | CVE-2024-13367 | The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. | 6.5 |
| 2025-01-16 | CVE-2024-12427 | The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. | 5.3 |
| 2025-01-16 | CVE-2024-12614 | Missing Authorization vulnerability in Hirewebxperts Passwords Manager
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. | 4.3 |
| 2025-01-15 | CVE-2024-11848 | The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. | 8.1 |