Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-02-10 CVE-2024-0595 Missing Authorization vulnerability in Getawesomesupport Awesome Support
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7.
network
low complexity
getawesomesupport CWE-862
4.3
2024-02-10 CVE-2024-0596 Missing Authorization vulnerability in Getawesomesupport Awesome Support
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7.
network
low complexity
getawesomesupport CWE-862
5.3
2024-02-09 CVE-2024-1122 Missing Authorization vulnerability in Themewinter Eventin
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50.
network
low complexity
themewinter CWE-862
5.3
2024-02-07 CVE-2024-24822 Missing Authorization vulnerability in Pimcore Admin Classic Bundle
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore.
network
low complexity
pimcore CWE-862
critical
9.1
2024-02-07 CVE-2024-1109 Missing Authorization vulnerability in Podlove Podcast Publisher
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11.
network
low complexity
podlove CWE-862
5.3
2024-02-07 CVE-2024-1110 Missing Authorization vulnerability in Podlove Podcast Publisher
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11.
network
low complexity
podlove CWE-862
5.3
2024-02-07 CVE-2024-1078 Missing Authorization vulnerability in Ays-Pro Quiz Maker
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4.
network
low complexity
ays-pro CWE-862
4.3
2024-02-07 CVE-2024-1079 Missing Authorization vulnerability in Ays-Pro Quiz Maker
The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4.
network
low complexity
ays-pro CWE-862
5.3
2024-02-05 CVE-2024-0370 Missing Authorization vulnerability in Formviewswp Views for Wpforms
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2.
network
low complexity
formviewswp CWE-862
4.3
2024-02-05 CVE-2024-0371 Missing Authorization vulnerability in Formviewswp Views for Wpforms
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2.
network
low complexity
formviewswp CWE-862
4.3