Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2024-12-20 CVE-2024-9503 The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3.
network
low complexity
CWE-284
4.3
2024-12-12 CVE-2024-10124 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1.
network
low complexity
CWE-284
critical
9.8
2024-12-11 CVE-2024-12294 The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function.
network
low complexity
CWE-284
5.3
2024-11-18 CVE-2021-1410 A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists.
network
low complexity
CWE-284
4.3
2024-11-12 CVE-2024-49044 Improper Access Control vulnerability in Microsoft Visual Studio 2022
Visual Studio Elevation of Privilege Vulnerability
network
high complexity
microsoft CWE-284
6.7
2024-11-01 CVE-2024-7424 The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1.
network
low complexity
CWE-284
5.4
2024-10-16 CVE-2020-36838 The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5.
network
low complexity
CWE-284
7.4
2024-08-12 CVE-2024-29082 Improper Access Control vulnerability in Vonets products
Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.
network
low complexity
vonets CWE-284
8.6
2023-04-15 CVE-2023-2104 Improper Access Control vulnerability in Easyappointments
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
network
low complexity
easyappointments CWE-284
5.4
2020-10-28 CVE-2020-16261 Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4
Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
low complexity
winstonprivacy CWE-284
6.8