Vulnerabilities > Improper Access Control

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-20	CVE-2024-9503	The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. network low complexity CWE-284	4.3
2024-12-12	CVE-2024-10124	The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. network low complexity CWE-284 critical	9.8
2024-12-11	CVE-2024-12294	The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. network low complexity CWE-284	5.3
2024-11-18	CVE-2021-1410	A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. network low complexity CWE-284	4.3
2024-11-12	CVE-2024-49044	Improper Access Control vulnerability in Microsoft Visual Studio 2022 Visual Studio Elevation of Privilege Vulnerability network high complexity microsoft CWE-284	6.7
2024-11-01	CVE-2024-7424	The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. network low complexity CWE-284	5.4
2024-10-16	CVE-2020-36838	The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. network low complexity CWE-284	7.4
2024-08-12	CVE-2024-29082	Improper Access Control vulnerability in Vonets products Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints. network low complexity vonets CWE-284	8.6
2023-04-15	CVE-2023-2104	Improper Access Control vulnerability in Easyappointments Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. network low complexity easyappointments CWE-284	5.4
2020-10-28	CVE-2020-16261	Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. low complexity winstonprivacy CWE-284	6.8

Vulnerabilities > Improper Access Control {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Improper Access Control"}]}

Vulnerabilities > Improper Access Control