Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2025-02-28 CVE-2024-10860 Missing Authorization vulnerability in Xlplugins Nextmove
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0.
network
low complexity
xlplugins CWE-862
4.3
2025-02-28 CVE-2024-13716 Missing Authorization vulnerability in Tarbor Forex Calculators
The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5.
network
low complexity
tarbor CWE-862
4.3
2025-02-28 CVE-2024-9195 Missing Authorization vulnerability in Whmpress Whmcs Client Area 4.3
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3.
network
low complexity
whmpress CWE-862
8.8
2025-02-28 CVE-2025-1681 The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4.
network
low complexity
CWE-862
5.4
2025-02-28 CVE-2025-1682 The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function.
network
low complexity
CWE-862
8.8
2025-02-27 CVE-2025-1745 A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic.
network
low complexity
CWE-862
4.3
2025-02-25 CVE-2025-1644 Missing Authorization vulnerability in Modernasistemas Modernanet
A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0.
network
low complexity
modernasistemas CWE-862
6.5
2025-02-25 CVE-2025-1643 Missing Authorization vulnerability in Modernasistemas Modernanet
A vulnerability was found in Benner ModernaNet up to 1.1.0.
network
low complexity
modernasistemas CWE-862
8.8
2025-02-22 CVE-2025-1557 A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3.
network
low complexity
CWE-862
4.3
2025-02-21 CVE-2025-1402 Missing Authorization vulnerability in Theeventscalendar Event Tickets
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1.
network
low complexity
theeventscalendar CWE-862
5.3