Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-45399 | Missing Authorization vulnerability in Jenkins Cluster Statistics 0.4.6 A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | 4.3 |
| 2022-11-14 | CVE-2022-3538 | Missing Authorization vulnerability in Webmaster Tools Verification Project Webmaster Tools Verification The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | 6.5 |
| 2022-11-08 | CVE-2022-20446 | Missing Authorization vulnerability in Google Android 10.0/11.0 In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. | 3.3 |
| 2022-11-08 | CVE-2022-20450 | Missing Authorization vulnerability in Google Android In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. | 7.8 |
| 2022-11-08 | CVE-2022-20451 | Missing Authorization vulnerability in Google Android In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. | 7.8 |
| 2022-11-08 | CVE-2022-40223 | Missing Authorization vulnerability in Searchwp Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | 4.3 |
| 2022-11-07 | CVE-2022-3451 | Missing Authorization vulnerability in Addify Product Stock Manager The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. | 4.3 |
| 2022-11-07 | CVE-2022-3489 | Missing Authorization vulnerability in Weberge WP Hide 0.0.2 The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request | 5.3 |
| 2022-10-28 | CVE-2022-3400 | Missing Authorization vulnerability in Bricksbuilder Bricks The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. | 6.5 |
| 2022-10-28 | CVE-2022-3320 | Missing Authorization vulnerability in Cloudflare Warp It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. | 9.8 |