VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Access Control
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-02-04
CVE-2024-13514
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-284
4.3
4.3
2025-01-27
CVE-2024-22316
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.
network
low complexity
CWE-284
4.3
4.3
2025-01-24
CVE-2024-35122
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement.
local
low complexity
CWE-284
2.8
2.8
2024-12-20
CVE-2024-9503
The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3.
network
low complexity
CWE-284
4.3
4.3
2024-12-12
CVE-2024-10124
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1.
network
low complexity
CWE-284
critical
9.8
9.8
2024-12-11
CVE-2024-12294
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function.
network
low complexity
CWE-284
5.3
5.3
2024-11-18
CVE-2021-1410
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists.
network
low complexity
CWE-284
4.3
4.3
2024-11-12
CVE-2024-49044
Improper Access Control vulnerability in Microsoft Visual Studio 2022
Visual Studio Elevation of Privilege Vulnerability
network
high complexity
microsoft
CWE-284
6.7
6.7
2024-11-01
CVE-2024-7424
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1.
network
low complexity
CWE-284
5.4
5.4
2024-10-16
CVE-2020-36838
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5.
network
low complexity
CWE-284
7.4
7.4
«
Previous
1
2
3
(current)
4
5
...
79
80
»
Next