2025-03-12 | CVE-2025-1508 | Missing Authorization vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. | 5.3 |
2025-03-11 | CVE-2025-28872 | Missing Authorization vulnerability in Jwpegram Block Spam BY Math Reloaded Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. | 9.8 |
2025-03-11 | CVE-2025-23188 | An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. | 4.3 |
2025-03-11 | CVE-2025-25244 | SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. | 5.7 |
2025-03-11 | CVE-2025-26655 | SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. | 3.1 |
2025-03-11 | CVE-2025-26656 | OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. | 4.3 |
2025-03-11 | CVE-2025-26661 | Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. | 8.8 |
2025-03-11 | CVE-2025-27432 | The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. | 2.4 |
2025-03-08 | CVE-2024-10326 | Missing Authorization vulnerability in Rometheme Romethemekit for Elementor The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. | 4.3 |
2025-03-08 | CVE-2025-1325 | Missing Authorization vulnerability in Plechevandrey Wp-Recall The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. | 6.3 |