Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-28612 Improper Access Control vulnerability in Custom Popup Builder Project Custom Popup Builder
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 for WordPress.
3.5
2022-06-13 CVE-2022-1656 Improper Access Control vulnerability in Artbees Jupiter X Core and Jupiterx
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6).
network
low complexity
artbees CWE-284
5.5
2022-06-08 CVE-2022-1598 Improper Access Control vulnerability in 2Code Wpqa Builder 5.2
The WPQA Builder WordPress plugin before 5.4, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
network
low complexity
2code CWE-284
5.0
2022-05-20 CVE-2022-29160 Improper Access Control vulnerability in Nextcloud
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform.
local
low complexity
nextcloud CWE-284
2.1
2022-05-13 CVE-2021-33013 Improper Access Control vulnerability in Myscada Mypro 7/7.0.26
mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information.
network
low complexity
myscada CWE-284
5.0
2022-05-09 CVE-2019-25060 Improper Access Control vulnerability in Wpgraphql 0.2.3
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site.
network
low complexity
wpgraphql CWE-284
5.0
2022-04-25 CVE-2022-29417 Improper Access Control vulnerability in Shortpixel Adaptive Images
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 for WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.
network
low complexity
shortpixel CWE-284
4.0
2022-04-25 CVE-2022-0541 Improper Access Control vulnerability in Flothemes Flo-Launch
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
network
low complexity
flothemes CWE-284
7.5
2022-04-14 CVE-2022-22183 Improper Access Control vulnerability in Juniper Junos OS Evolved
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition.
network
low complexity
juniper CWE-284
7.8
2022-04-04 CVE-2021-36775 Improper Access Control vulnerability in Rancher
An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked.
network
low complexity
rancher CWE-284
6.5