Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2022-23862 Missing Authentication for Critical Function vulnerability in Ysoft Safeq 6.0
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53.
local
low complexity
ysoft CWE-306
7.8
7.8
2024-10-22 CVE-2024-10002 Missing Authentication for Critical Function vulnerability in Roveridx Rover IDX
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905.
network
low complexity
roveridx CWE-306
8.8
8.8
2024-10-20 CVE-2024-49328 Missing Authentication for Critical Function vulnerability in Vivektamrakar WP Rest API FNS
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0.
network
low complexity
vivektamrakar CWE-306
critical
 9.8
9.8
2024-10-20 CVE-2024-49604 Missing Authentication for Critical Function vulnerability in Najeebmedia Simple User Registration
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.
network
low complexity
najeebmedia CWE-306
critical
 9.8
9.8
2024-10-17 CVE-2024-9861 Missing Authentication for Critical Function vulnerability in Miniorange OTP Verification With Firebase
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0.
network
high complexity
miniorange CWE-306
8.1
8.1
2024-10-15 CVE-2024-9984 Missing Authentication for Critical Function vulnerability in Ragic Enterprise Cloud Database
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
network
low complexity
ragic CWE-306
critical
 9.8
9.8
2024-10-10 CVE-2024-9522 Missing Authentication for Critical Function vulnerability in Lagunaisw WP Users Masquerade
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0.
network
low complexity
lagunaisw CWE-306
8.8
8.8
2024-10-02 CVE-2024-35294 An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
network
low complexity
CWE-306
6.5
6.5
2024-10-02 CVE-2024-35293 An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
network
low complexity
CWE-306
critical
 9.1
9.1
2024-10-01 CVE-2024-9289 Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1.
network
low complexity
redefiningtheweb CWE-306
critical
 9.8
9.8