Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-28789 | Missing Authorization vulnerability in Samsung Voice Note Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. | 2.1 |
| 2022-05-02 | CVE-2021-25002 | Missing Authorization vulnerability in Tipsacarrier Project Tipsacarrier 1.4.4.2 The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL | 7.5 |
| 2022-05-02 | CVE-2022-0952 | Missing Authorization vulnerability in Sitemap Project Sitemap 1.0.0 The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. | 8.8 |
| 2022-04-29 | CVE-2021-43938 | Missing Authorization vulnerability in Smartptt Scada Server 1.4 Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. | 7.5 |
| 2022-04-29 | CVE-2021-44595 | Missing Authorization vulnerability in Wondershare Dr.Fone 20211206 Wondershare Dr. | 8.8 |
| 2022-04-29 | CVE-2022-29906 | Missing Authorization vulnerability in Mediawiki The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | 9.8 |
| 2022-04-28 | CVE-2022-1511 | Missing Authorization vulnerability in Snipeitapp Snipe-It Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. | 6.5 |
| 2022-04-25 | CVE-2022-0287 | Missing Authorization vulnerability in Mycred The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog | 4.3 |
| 2022-04-25 | CVE-2022-0363 | Missing Authorization vulnerability in Mycred The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | 4.3 |
| 2022-04-25 | CVE-2022-0398 | Missing Authorization vulnerability in Caseproof Thirstyaffiliates Affiliate Link Manager The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website | 5.4 |