Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-05 | CVE-2022-38367 | Missing Authorization vulnerability in Netic User Export for Jira: The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. | 5.3 |
2022-09-05 | CVE-2022-2657 | Missing Authorization vulnerability in Wc-Marketplace Multivendor Marketplace Solution for Woocommerce - WC Marketplace: The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 lacks authorisation and CSRF checks in multiple AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and, for example, suspend vendors (reported by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue). | 4.3 |
2022-09-05 | CVE-2022-38370 | Missing Authorization vulnerability in Apache Iotdb 0.13.0: Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. | 7.5 |
2022-09-02 | CVE-2022-36642 | Missing Authorization vulnerability in Telosalliance Omnia MPX Node Firmware: A local file disclosure (LFD) vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access user credentials and so gain initial access to the control panel with high privilege, because sensitive information is stored in cleartext and can be read by exploiting the LFD vulnerability. | 9.8 |
2022-08-29 | CVE-2022-2373 | Missing Authorization vulnerability in Nsqua Simply Schedule Appointments: The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users' details such as name and email address. | 5.3 |
2022-08-26 | CVE-2022-36226 | Missing Authorization vulnerability in Siteservercms Project Siteservercms: SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | 7.2 |
2022-08-22 | CVE-2022-2276 | Missing Authorization vulnerability in WP Edit Menu Project WP Edit Menu: The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF checks in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog. | 4.3 |
2022-08-22 | CVE-2022-2377 | Missing Authorization vulnerability in Wpwax Directorist: The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog. | 4.3 |
2022-08-22 | CVE-2022-2382 | Missing Authorization vulnerability in Shapedplugin Product Slider for Woocommerce: The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. | 4.3 |
2022-08-22 | CVE-2022-2389 | Missing Authorization vulnerability in Funnelkit Automations: The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations. | 4.3 |