Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-27 | CVE-2017-13316 | Missing Authorization vulnerability in Google Android In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. | 7.8 |
| 2024-11-26 | CVE-2024-10579 | The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. | 4.3 |
| 2024-11-23 | CVE-2024-10606 | Missing Authorization vulnerability in Wptravelengine WP Travel Engine The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. | 4.3 |
| 2024-11-23 | CVE-2024-10216 | Missing Authorization vulnerability in Wpusermanager WP User Manager The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. | 4.3 |
| 2024-11-23 | CVE-2024-10537 | Missing Authorization vulnerability in Wpusermanager WP User Manager The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. | 4.3 |
| 2024-11-23 | CVE-2024-9223 | The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. | 4.3 |
| 2024-11-22 | CVE-2024-11104 | Missing Authorization vulnerability in Wowdevs SKY Addons for Elementor The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_options() function in all versions up to, and including, 2.6.2. | 8.1 |
| 2024-11-22 | CVE-2024-11355 | The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. | 4.3 |
| 2024-11-22 | CVE-2024-11601 | Missing Authorization vulnerability in Wowdevs SKY Addons for Elementor The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. | 8.1 |
| 2024-11-21 | CVE-2024-10528 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. | 4.3 |