Vulnerabilities > Improper Access Control

| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2024-12-20 | CVE-2024-9503 | The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. | network; low complexity; CWE-284; 4.3 |
| 2024-12-12 | CVE-2024-10124 | The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. | network; low complexity; CWE-284; critical; 9.8 |
| 2024-12-12 | CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | network; low complexity; CWE-284; 8.2 |
| 2024-12-11 | CVE-2024-12294 | The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. | network; low complexity; CWE-284; 5.3 |
| 2024-12-04 | CVE-2024-20397 | A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. | low complexity; CWE-284; 5.2 |
| 2024-11-18 | CVE-2021-1410 | A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. | network; low complexity; CWE-284; 4.3 |
| 2024-11-12 | CVE-2024-49044 | Improper Access Control vulnerability in Microsoft Visual Studio 2022. Visual Studio Elevation of Privilege Vulnerability | network; high complexity; microsoft; CWE-284; 6.7 |
| 2024-11-01 | CVE-2024-7424 | The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. | network; low complexity; CWE-284; 5.4 |
| 2024-10-16 | CVE-2020-36831 | The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. | network; low complexity; CWE-284; 5.0 |
| 2024-10-16 | CVE-2020-36838 | The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. | network; low complexity; CWE-284; 7.4 |