Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-07	CVE-2020-36720	Missing Authorization vulnerability in Kaliforms Kali Forms The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. network low complexity kaliforms CWE-862	7.1
2023-06-07	CVE-2020-36721	Missing Authorization vulnerability in multiple products The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. network low complexity machothemes colorlib cpothemes CWE-862	6.5
2023-06-07	CVE-2020-36725	Missing Authorization vulnerability in Templateinvaders TI Woocommerce Wishlist The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. network low complexity templateinvaders CWE-862	8.1
2023-06-07	CVE-2020-36729	Missing Authorization vulnerability in 2Joomla 2J Slideshow The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. network low complexity 2joomla CWE-862	4.3
2023-06-07	CVE-2020-36730	Missing Authorization vulnerability in Niteothemes CMP The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. network low complexity niteothemes CWE-862 critical	9.3
2023-06-07	CVE-2021-4338	Missing Authorization vulnerability in Duckdev 404 to 301 The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. network low complexity duckdev CWE-862	5.4
2023-06-07	CVE-2021-4339	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862	5.3
2023-06-07	CVE-2021-4341	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862 critical	9.8
2023-06-07	CVE-2021-4343	Missing Authorization vulnerability in Stylemixthemes Ulisting The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862 critical	9.8
2023-06-07	CVE-2021-4345	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862	5.3

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization