Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-3880 | Incorrect Authorization vulnerability in Antihacker Project Antihacker The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
| 2022-12-12 | CVE-2022-3881 | Incorrect Authorization vulnerability in Wptools Project Wptools The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 5.7 |
| 2022-12-12 | CVE-2022-3882 | Incorrect Authorization vulnerability in Wp-Memory Project Wp-Memory The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
| 2022-12-12 | CVE-2022-3883 | Incorrect Authorization vulnerability in Stopbadbots Project Stopbadbots The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 6.5 |
| 2022-12-12 | CVE-2022-45956 | Incorrect Authorization vulnerability in BOA 0.94.13/0.94.14 Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | 5.3 |
| 2022-12-12 | CVE-2022-45760 | Incorrect Authorization vulnerability in Sens Project Sens SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. | 8.8 |
| 2022-12-08 | CVE-2022-39903 | Incorrect Authorization vulnerability in Google Android Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. | 3.3 |
| 2022-12-08 | CVE-2022-39913 | Incorrect Authorization vulnerability in Google Android Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. | 3.3 |
| 2022-12-08 | CVE-2022-39914 | Incorrect Authorization vulnerability in Google Android Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. | 3.3 |
| 2022-12-08 | CVE-2020-36610 | Incorrect Authorization vulnerability in Duxcms Project Duxcms 2.1 A vulnerability was found in annyshow DuxCMS 2.1. | 8.0 |