Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-04-25 CVE-2022-0634 Missing Authorization vulnerability in Caseproof Thirstyaffiliates Affiliate Link Manager
The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link.
network
low complexity
caseproof CWE-862
4.3
2022-04-25 CVE-2022-1092 Missing Authorization vulnerability in Mycred
The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog.
network
low complexity
mycred CWE-862
4.3
2022-04-20 CVE-2022-25342 Missing Authorization vulnerability in Olivetti D-Color Mf3555 Firmware 2Xds000.002.271
An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices.
network
low complexity
olivetti CWE-862
8.1
2022-04-19 CVE-2022-1329 Missing Authorization vulnerability in Elementor Website Builder 3.6.0/3.6.1/3.6.2
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
network
low complexity
elementor CWE-862
8.8
2022-04-19 CVE-2022-1384 Missing Authorization vulnerability in Mattermost Server
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
6.0
2022-04-18 CVE-2022-1020 Missing Authorization vulnerability in Codeastrology WOO Product Table
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), and does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user-controlled argument.
network
low complexity
codeastrology CWE-862
7.5
2022-04-18 CVE-2022-1054 Missing Authorization vulnerability in Wpchill Rsvp and Event Management
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action.
network
low complexity
wpchill CWE-862
5.0
2022-04-12 CVE-2022-29051 Missing Authorization vulnerability in Jenkins Publish Over FTP
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.
network
low complexity
jenkins CWE-862
4.3
2022-04-12 CVE-2021-39808 Missing Authorization vulnerability in Google Android 10.0/11.0/12.0
In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation.
local
low complexity
google CWE-862
7.2
2022-04-12 CVE-2022-27669 Missing Authorization vulnerability in SAP Netweaver Application Server for Java 7.50
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted.
network
low complexity
sap CWE-862
5.0