Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-17 | CVE-2024-5703 | Missing Authorization vulnerability in Icegram Email Subscribers & Newsletters The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. | 4.3 |
2024-07-17 | CVE-2024-6033 | Missing Authorization vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. | 4.3 |
2024-07-17 | CVE-2024-6660 | Missing Authorization vulnerability in Reputeinfosystems Bookingpress The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. | 8.8 |
2024-07-11 | CVE-2024-0619 | Missing Authorization vulnerability in Payflex Payment Gateway The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. | 5.3 |
2024-07-02 | CVE-2024-6088 | Missing Authorization vulnerability in Thimpress Learnpress The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. | 5.3 |
2024-07-02 | CVE-2024-6012 | Missing Authorization vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. | 4.3 |
2024-07-02 | CVE-2024-5545 | Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. | 5.3 |
2024-07-01 | CVE-2024-6375 | Missing Authorization vulnerability in Mongodb A command for refining a collection shard key is missing an authorization check. | 6.5 |
2024-06-27 | CVE-2024-3115 | Missing Authorization vulnerability in Gitlab An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat. | 4.3 |
2024-06-22 | CVE-2024-6120 | Missing Authorization vulnerability in Wpneuron Sparkle Demo Importer The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. | 6.5 |