Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-15 | CVE-2022-45399 | Missing Authorization vulnerability in Jenkins Cluster Statistics 0.4.6 A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | 4.3 |
2022-11-14 | CVE-2022-2450 | Missing Authorization vulnerability in Resmush.It Image Optimizer The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. | 4.3 |
2022-11-14 | CVE-2022-3538 | Missing Authorization vulnerability in Webmaster Tools Verification Project Webmaster Tools Verification The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | 6.5 |
2022-11-08 | CVE-2022-20446 | Missing Authorization vulnerability in Google Android 10.0/11.0 In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. | 3.3 |
2022-11-08 | CVE-2022-20450 | Missing Authorization vulnerability in Google Android In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. | 7.8 |
2022-11-08 | CVE-2022-20451 | Missing Authorization vulnerability in Google Android In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. | 7.8 |
2022-11-08 | CVE-2022-40223 | Missing Authorization vulnerability in Searchwp Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | 4.3 |
2022-11-07 | CVE-2022-3451 | Missing Authorization vulnerability in Addify Product Stock Manager The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. | 4.3 |
2022-11-07 | CVE-2022-3489 | Missing Authorization vulnerability in Weberge WP Hide 0.0.2 The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request | 5.3 |
2022-11-03 | CVE-2022-36404 | Missing Authorization vulnerability in Coleds Simple SEO Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | 5.4 |