Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-17 | CVE-2022-23488 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 7.5 |
| 2022-12-16 | CVE-2022-23490 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 4.3 |
| 2022-12-14 | CVE-2022-23741 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. | 7.2 |
| 2022-12-12 | CVE-2022-3879 | Incorrect Authorization vulnerability in CAR Dealer Project CAR Dealer The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
| 2022-12-12 | CVE-2022-3880 | Incorrect Authorization vulnerability in Antihacker Project Antihacker The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
| 2022-12-12 | CVE-2022-3881 | Incorrect Authorization vulnerability in Wptools Project Wptools The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 5.7 |
| 2022-12-12 | CVE-2022-3882 | Incorrect Authorization vulnerability in Wp-Memory Project Wp-Memory The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
| 2022-12-12 | CVE-2022-3883 | Incorrect Authorization vulnerability in Stopbadbots Project Stopbadbots The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
| 2022-12-12 | CVE-2022-45956 | Incorrect Authorization vulnerability in BOA 0.94.13/0.94.14 Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | 5.3 |
| 2022-12-12 | CVE-2022-45760 | Incorrect Authorization vulnerability in Sens Project Sens SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. | 8.8 |