Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2024-10897 | Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. | 4.3 |
| 2024-11-13 | CVE-2024-40661 | Missing Authorization vulnerability in Google Android In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. | 7.8 |
| 2024-11-13 | CVE-2024-40671 | Missing Authorization vulnerability in Google Android In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. | 7.8 |
| 2024-11-13 | CVE-2024-43088 | Missing Authorization vulnerability in Google Android In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. | 7.8 |
| 2024-11-13 | CVE-2024-43089 | Missing Authorization vulnerability in Google Android In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. | 7.8 |
| 2024-11-13 | CVE-2024-43090 | Missing Authorization vulnerability in Google Android In multiple locations, there is a possible cross-user image read due to a missing permission check. | 5.0 |
| 2024-11-13 | CVE-2024-10802 | The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. | 5.3 |
| 2024-11-13 | CVE-2024-10530 | Missing Authorization vulnerability in Kognetiks Chatbot The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. | 4.3 |
| 2024-11-13 | CVE-2024-10629 | The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. | 8.8 |
| 2024-11-13 | CVE-2024-10717 | The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. | 6.5 |