VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Missing Authorization
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-16
CVE-2024-45461
Missing Authorization vulnerability in Apache Cloudstack
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default.
network
low complexity
apache
CWE-862
6.3
6.3
2024-10-16
CVE-2018-25105
Missing Authorization vulnerability in Filemanagerpro File Manager
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0.
network
low complexity
filemanagerpro
CWE-862
critical
9.8
9.8
2024-10-16
CVE-2019-25214
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4.
network
low complexity
CWE-862
7.2
7.2
2024-10-16
CVE-2019-25215
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14.
network
low complexity
CWE-862
7.3
7.3
2024-10-16
CVE-2019-25217
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route.
network
low complexity
CWE-862
critical
9.8
9.8
2024-10-16
CVE-2020-36833
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6.
network
low complexity
CWE-862
6.3
6.3
2024-10-16
CVE-2020-36834
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions.
network
low complexity
CWE-862
6.3
6.3
2024-10-16
CVE-2020-36837
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1.
network
low complexity
CWE-862
critical
9.9
9.9
2024-10-16
CVE-2021-4445
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1.
network
low complexity
CWE-862
6.5
6.5
2024-10-16
CVE-2021-4446
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure.
network
low complexity
CWE-862
6.3
6.3
«
Previous
1
2
...
14
15
16
(current)
17
18
...
227
228
»
Next