Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-21 | CVE-2024-10532 | The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. | 4.3 |
| 2024-11-21 | CVE-2024-11334 | Missing Authorization vulnerability in Nes360 MY Contador Lesr The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. | 5.3 |
| 2024-11-21 | CVE-2024-11354 | Missing Authorization vulnerability in Codelizar Ultimate Youtube Video & Shorts Player With Vimeo The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. | 4.3 |
| 2024-11-20 | CVE-2018-9477 | Missing Authorization vulnerability in Google Android 8.0/8.1 In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. | 7.8 |
| 2024-11-20 | CVE-2018-9469 | Missing Authorization vulnerability in Google Android In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. | 7.8 |
| 2024-11-20 | CVE-2024-10665 | The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. | 5.4 |
| 2024-11-20 | CVE-2024-10900 | Missing Authorization vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. | 8.1 |
| 2024-11-19 | CVE-2024-50417 | Missing Authorization vulnerability in Bold-Themes Bold Page Builder Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3. | 8.8 |
| 2024-11-19 | CVE-2024-11069 | Missing Authorization vulnerability in Welaunch Wordpress Gdpr The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. | 9.1 |
| 2024-11-18 | CVE-2024-10390 | The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. | 6.4 |