VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Access Control
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-20
CVE-2024-9503
The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3.
network
low complexity
CWE-284
4.3
4.3
2024-12-12
CVE-2024-10124
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1.
network
low complexity
CWE-284
critical
9.8
9.8
2024-12-12
CVE-2024-49068
Microsoft SharePoint Elevation of Privilege Vulnerability
network
low complexity
CWE-284
8.2
8.2
2024-12-11
CVE-2024-12294
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function.
network
low complexity
CWE-284
5.3
5.3
2024-12-04
CVE-2024-20397
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings.
low complexity
CWE-284
5.2
5.2
2024-11-18
CVE-2021-1410
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists.
network
low complexity
CWE-284
4.3
4.3
2024-11-12
CVE-2024-49044
Improper Access Control vulnerability in Microsoft Visual Studio 2022
Visual Studio Elevation of Privilege Vulnerability
network
high complexity
microsoft
CWE-284
6.7
6.7
2024-11-01
CVE-2024-7424
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1.
network
low complexity
CWE-284
5.4
5.4
2024-10-16
CVE-2020-36831
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17.
network
low complexity
CWE-284
5.0
5.0
2024-10-16
CVE-2020-36838
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5.
network
low complexity
CWE-284
7.4
7.4
«
1
(current)
2
3
4
5
...
77
78
»
Next