Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-20 | CVE-2022-43872 | Incorrect Authorization vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. | 5.3 |
2022-12-20 | CVE-2022-46076 | Incorrect Authorization vulnerability in Dlink Dir-869 Firmware and Dir-869Ax Firmware D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. | 7.5 |
2022-12-17 | CVE-2022-23488 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 7.5 |
2022-12-16 | CVE-2022-23490 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 4.3 |
2022-12-14 | CVE-2022-23741 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. | 7.2 |
2022-12-12 | CVE-2022-3879 | Incorrect Authorization vulnerability in CAR Dealer Project CAR Dealer The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
2022-12-12 | CVE-2022-3880 | Incorrect Authorization vulnerability in Antihacker Project Antihacker The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
2022-12-12 | CVE-2022-3881 | Incorrect Authorization vulnerability in Wptools Project Wptools The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 5.7 |
2022-12-12 | CVE-2022-3882 | Incorrect Authorization vulnerability in Wp-Memory Project Wp-Memory The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
2022-12-12 | CVE-2022-3883 | Incorrect Authorization vulnerability in Stopbadbots Project Stopbadbots The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |