Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-24 | CVE-2021-36917 | Missing Authorization vulnerability in Wpwave Hide MY WP 6.2.3: WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. | 7.5 |
2021-11-24 | CVE-2021-20835 | Missing Authorization vulnerability in Mercari 3.51.0/3.52.0: Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained. | 7.5 |
2021-11-19 | CVE-2021-39231 | Missing Authorization vulnerability in Apache Ozone: In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. | 9.1 |
2021-11-19 | CVE-2021-39232 | Missing Authorization vulnerability in Apache Ozone: In Apache Ozone versions prior to 1.2.0, certain admin-related SCM commands can be executed by any authenticated users, not just by admins. | 8.8 |
2021-11-19 | CVE-2021-39236 | Missing Authorization vulnerability in Apache Ozone: In Apache Ozone before 1.2.0, authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | 8.8 |
2021-11-18 | CVE-2021-0672 | Missing Authorization vulnerability in Google Android: In Browser app, there is a possible information disclosure due to a missing permission check. | 5.5 |
2021-11-18 | CVE-2021-36909 | Missing Authorization vulnerability in Webfactoryltd WP Reset PRO: Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. | 8.1 |
2021-11-17 | CVE-2021-24851 | Missing Authorization vulnerability in Insert Pages Project Insert Pages: The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (i.e. private), using a shortcode. | 4.3 |
2021-11-10 | CVE-2021-40501 | Missing Authorization vulnerability in SAP Abap Platform Kernel: SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. | 8.1 |
2021-11-05 | CVE-2021-42359 | Missing Authorization vulnerability in Legalweb WP Dsgvo Tools: WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, 'admin-dismiss-unsubscribe', which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. | 9.1 |