Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-07-02 CVE-2024-5545 Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8.
network
low complexity
stylemixthemes CWE-862
5.3
2024-07-01 CVE-2024-36995 Missing Authorization vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
network
low complexity
splunk CWE-862
3.5
2024-07-01 CVE-2024-6375 Missing Authorization vulnerability in Mongodb
A command for refining a collection shard key is missing an authorization check.
network
low complexity
mongodb CWE-862
6.5
2024-06-27 CVE-2024-3115 Missing Authorization vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.
network
low complexity
gitlab CWE-862
4.3
2024-06-25 CVE-2024-6303 Missing Authorization vulnerability in Conduit
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, signing JSON with the server's key, deactivating users, and more.
network
low complexity
conduit CWE-862
8.8
2024-06-24 CVE-2024-37111 Missing Authorization vulnerability in Wishlistmember Wishlist Member X
Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.
network
low complexity
wishlistmember CWE-862
7.5
2024-06-22 CVE-2024-6120 Missing Authorization vulnerability in Wpneuron Sparkle Demo Importer
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on multiple functions in all versions up to and including 1.4.7.
network
low complexity
wpneuron CWE-862
6.5
2024-06-21 CVE-2022-43453 Missing Authorization vulnerability in Billminozzi WP Tools
Missing Authorization vulnerability in Bill Minozzi WP Tools. This issue affects WP Tools: from n/a through 3.41.
network
low complexity
billminozzi CWE-862
8.8
2024-06-21 CVE-2022-45803 Missing Authorization vulnerability in Gutenbergforms Gutenberg Forms
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms. This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3.
network
low complexity
gutenbergforms CWE-862
8.8
2024-06-21 CVE-2023-51375 Missing Authorization vulnerability in Wpdeveloper Embedpress
Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.8.3.
network
low complexity
wpdeveloper CWE-862
8.8