Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-02-08 CVE-2022-24450 Missing Authorization vulnerability in Nats Server and Nats Streaming Server
NATS nats-server before 2.7.2 has Incorrect Access Control.
network
low complexity
nats CWE-862
8.8
2022-02-07 CVE-2021-24839 Missing Authorization vulnerability in Supportcandy
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.
network
low complexity
supportcandy CWE-862
5.0
2022-02-07 CVE-2021-25084 Missing Authorization vulnerability in Bracketspace Advanced Cron Manager
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated user, such as a subscriber, to call them and, for example, add or remove events as well as schedules.
network
low complexity
bracketspace CWE-862
4.0
2022-02-07 CVE-2021-25095 Missing Authorization vulnerability in Ip2Location Country Blocker
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block arbitrary countries, or block all of them at once, preventing users from accessing the frontend.
network
low complexity
ip2location CWE-862
7.1
2022-02-01 CVE-2021-25093 Missing Authorization vulnerability in Link Library Project Link Library
The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request.
network
low complexity
link-library-project CWE-862
5.0
2022-01-27 CVE-2021-44792 Missing Authorization vulnerability in Krontech Single Connect
Single Connect does not perform an authorization check when using the "log-monitor" module.
network
low complexity
krontech CWE-862
5.3
2022-01-27 CVE-2021-44793 Missing Authorization vulnerability in Krontech Single Connect
Single Connect does not perform an authorization check when using the "sc-reports-ui" module.
network
low complexity
krontech CWE-862
8.6
2022-01-27 CVE-2021-44794 Missing Authorization vulnerability in Krontech Single Connect
Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module.
network
low complexity
krontech CWE-862
5.3
2022-01-27 CVE-2021-44795 Missing Authorization vulnerability in Krontech Single Connect
Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module.
network
low complexity
krontech CWE-862
5.3
2022-01-26 CVE-2022-0203 Missing Authorization vulnerability in Craterapp Crater
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
network
low complexity
craterapp CWE-862
5.0