Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-24 | CVE-2024-6836 | Missing Authorization vulnerability in Funnelkit Funnel Builder The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. | 4.3 |
2024-07-24 | CVE-2024-5861 | Missing Authorization vulnerability in Wpeasypay WP Easypay The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. | 6.5 |
2024-07-24 | CVE-2024-6750 | Missing Authorization vulnerability in Wpwebinfotech Social Auto Poster The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. | 7.5 |
2024-07-24 | CVE-2024-6754 | Missing Authorization vulnerability in Wpwebinfotech Social Auto Poster The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. | 4.3 |
2024-07-24 | CVE-2024-6755 | Missing Authorization vulnerability in Wpwebinfotech Social Auto Poster The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. | 5.3 |
2024-07-22 | CVE-2024-6805 | Missing Authorization vulnerability in NI Veristand The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. | 9.8 |
2024-07-22 | CVE-2024-6806 | Missing Authorization vulnerability in NI Veristand The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. | 9.8 |
2024-07-19 | CVE-2024-6799 | Missing Authorization vulnerability in Yithemes Yith Essential KIT for Woocommerce The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. | 4.3 |
2024-07-17 | CVE-2024-5703 | Missing Authorization vulnerability in Icegram Email Subscribers & Newsletters The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. | 4.3 |
2024-07-17 | CVE-2024-6033 | Missing Authorization vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. | 4.3 |