Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-21 | CVE-2022-41254 | Missing Authorization vulnerability in Jenkins Cons3Rt 1.0.0: Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-09-14 | CVE-2022-40673 | Missing Authorization vulnerability in multiple products: KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | 7.8 |
2022-09-09 | CVE-2022-36856 | Missing Authorization vulnerability in Google Android 12.0: Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. | 3.3 |
2022-09-08 | CVE-2022-36091 | Missing Authorization vulnerability in Xwiki: XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. | 7.5 |
2022-08-26 | CVE-2022-36226 | Missing Authorization vulnerability in Siteservercms Project Siteservercms: SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | 7.2 |
2022-08-22 | CVE-2022-25810 | Missing Authorization vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as "tp_reset" under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. | 6.5 |
2022-08-22 | CVE-2022-2276 | Missing Authorization vulnerability in WP Edit Menu Project WP Edit Menu: The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF checks in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog. | 4.3 |
2022-08-22 | CVE-2022-2377 | Missing Authorization vulnerability in Wpwax Directorist: The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog. | 4.3 |
2022-08-22 | CVE-2022-2382 | Missing Authorization vulnerability in Shapedplugin Product Slider for Woocommerce: The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. | 4.3 |
2022-08-22 | CVE-2022-2389 | Missing Authorization vulnerability in Funnelkit Automations: The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations. | 4.3 |