Vulnerabilities > Improper Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-14	CVE-2024-13692	The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. network low complexity CWE-285	5.4
2025-02-11	CVE-2025-24409	Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. network low complexity CWE-285	8.2
2025-02-11	CVE-2025-24418	Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. network low complexity CWE-285	8.1
2025-02-11	CVE-2025-24434	Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. network low complexity CWE-285 critical	9.1
2025-02-05	CVE-2025-20125	A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. network low complexity CWE-285 critical	9.1
2024-11-18	CVE-2020-3539	A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. network low complexity CWE-285	6.3
2024-10-25	CVE-2024-9235	Improper Authorization vulnerability in Mapster WP Maps The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. network low complexity mapster CWE-285	8.8
2024-10-24	CVE-2024-9531	The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. network low complexity CWE-285	4.3
2024-10-16	CVE-2020-36841	The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. network low complexity CWE-285	5.3
2024-09-09	CVE-2024-7015	Improper Authorization vulnerability in Profelis Passbox Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2. network low complexity profelis CWE-285 critical	9.8

Vulnerabilities > Improper Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Improper Authorization"}]}

Vulnerabilities > Improper Authorization