Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-9628 The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkConnection' function in versions up to, and including, 4.5.4.
network
low complexity
CWE-862
6.3
2024-10-25 CVE-2024-9630 The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4.
network
low complexity
CWE-862
5.4
2024-10-25 CVE-2024-9109 Missing Authorization vulnerability in Octolize Woocommerce UPS Shipping
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11.
network
low complexity
octolize CWE-862
4.3
2024-10-25 CVE-2024-9686 Missing Authorization vulnerability in Choplugins Order Notification for Telegram
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1.
network
low complexity
choplugins CWE-862
5.3
2024-10-24 CVE-2024-49357 Missing Authorization vulnerability in Zimaspace Zimaos
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI.
network
low complexity
zimaspace CWE-862
7.5
2024-10-24 CVE-2024-48932 Missing Authorization vulnerability in Zimaspace Zimaos
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI.
network
low complexity
zimaspace CWE-862
5.3
2024-10-24 CVE-2024-8667 The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0.
network
low complexity
CWE-862
4.3
2024-10-23 CVE-2024-43924 Missing Authorization vulnerability in Dfactory Responsive Lightbox
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7.
network
low complexity
dfactory CWE-862
critical
9.8
2024-10-23 CVE-2024-9583 Missing Authorization vulnerability in Rebelcode RSS Aggregator
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12.
network
low complexity
rebelcode CWE-862
5.4
2024-10-23 CVE-2024-9829 Missing Authorization vulnerability in Metagauss Download Plugin
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0.
network
low complexity
metagauss CWE-862
6.5