Vulnerabilities > Improper Access Control
|2022-06-15||CVE-2022-28612|| Improper Access Control vulnerability in Custom Popup Builder Project Custom Popup Builder |
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.
| 3.5 |
|2022-06-13||CVE-2022-1656|| Improper Access Control vulnerability in Artbees Jupiter X Core and Jupiterx |
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6).
| 5.5 |
|2022-06-08||CVE-2022-1598|| Improper Access Control vulnerability in 2Code Wpqa Builder 5.2 |
The WPQA Builder WordPress plugin before 5.4, which is a companion to Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
| 5.0 |
|2022-05-20||CVE-2022-29160|| Improper Access Control vulnerability in Nextcloud |
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform.
| 2.1 |
|2022-05-13||CVE-2021-33013|| Improper Access Control vulnerability in Myscada Mypro 7/7.0.26 |
mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information.
| 5.0 |
|2022-05-09||CVE-2019-25060|| Improper Access Control vulnerability in Wpgraphql 0.2.3 |
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site.
| 5.0 |
|2022-04-25||CVE-2022-29417|| Improper Access Control vulnerability in Shortpixel Adaptive Images |
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.
| 4.0 |
|2022-04-25||CVE-2022-0541|| Improper Access Control vulnerability in Flothemes Flo-Launch |
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
| 7.5 |
|2022-04-14||CVE-2022-22183|| Improper Access Control vulnerability in Juniper Junos OS Evolved |
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition.
| 7.8 |
|2022-04-04||CVE-2021-36775|| Improper Access Control vulnerability in Rancher |
An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked.
| 6.5 |