Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-01 | CVE-2024-7424 | The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. | 5.4 |
2024-10-16 | CVE-2020-36838 | The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. | 7.4 |
2024-08-12 | CVE-2024-29082 | Improper Access Control vulnerability in Vonets products: Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints. | 8.6 |
2023-04-15 | CVE-2023-2104 | Improper Access Control vulnerability in Easyappointments: Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 5.4 |
2020-10-28 | CVE-2020-16261 | Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4: Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. | 6.8 |
2019-08-30 | CVE-2018-15513 | Improper Access Control vulnerability in Totemo Totemomail 6.0.0: Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | 5.3 |
2019-08-29 | CVE-2018-21007 | Improper Access Control vulnerability in Wisetr User Email Verification for Woocommerce: The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | 9.8 |
2019-08-22 | CVE-2015-9337 | Improper Access Control vulnerability in Cozmoslabs Profile Builder: The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | 7.5 |
2019-08-16 | CVE-2017-18543 | Improper Access Control vulnerability in Invite Anyone Project Invite Anyone: The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | 9.8 |
2019-08-08 | CVE-2018-20957 | Improper Access Control vulnerability in Tapplock One+ Firmware: The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | 8.8 |