Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-02 | CVE-2022-0952 | Missing Authorization vulnerability in Sitemap Project Sitemap 1.0.0 The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. | 8.8 |
| 2022-04-29 | CVE-2021-43938 | Missing Authorization vulnerability in Smartptt Scada Server 1.4 Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. | 9.8 |
| 2022-04-29 | CVE-2021-44595 | Missing Authorization vulnerability in Wondershare Dr.Fone 20211206 Wondershare Dr. | 8.8 |
| 2022-04-29 | CVE-2022-29906 | Missing Authorization vulnerability in Mediawiki The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | 9.8 |
| 2022-04-25 | CVE-2022-0287 | Missing Authorization vulnerability in Mycred The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog | 4.3 |
| 2022-04-25 | CVE-2022-0363 | Missing Authorization vulnerability in Mycred The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | 4.3 |
| 2022-04-25 | CVE-2022-0398 | Missing Authorization vulnerability in Caseproof Thirstyaffiliates Affiliate Link Manager The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website | 5.4 |
| 2022-04-25 | CVE-2022-0634 | Missing Authorization vulnerability in Caseproof Thirstyaffiliates Affiliate Link Manager The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. | 4.3 |
| 2022-04-25 | CVE-2022-1092 | Missing Authorization vulnerability in Mycred The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog | 4.3 |
| 2022-04-20 | CVE-2022-25342 | Missing Authorization vulnerability in Olivetti D-Color Mf3555 Firmware 2Xds000.002.271 An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. | 8.1 |