Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-8552 | Missing Authorization vulnerability in Wpchill Download Monitor The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. | 4.3 |
| 2024-09-25 | CVE-2024-8678 | Missing Authorization vulnerability in Revolut Gateway for Woocommerce The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. | 5.3 |
| 2024-09-25 | CVE-2024-6845 | Missing Authorization vulnerability in Smartsearchwp The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key | 5.3 |
| 2024-09-25 | CVE-2024-8658 | Missing Authorization vulnerability in Mycred The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. | 5.3 |
| 2024-09-25 | CVE-2024-6590 | Missing Authorization vulnerability in Javmah Spreadsheet Integration The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. | 4.3 |
| 2024-09-25 | CVE-2024-7491 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. | 5.3 |
| 2024-09-25 | CVE-2024-8349 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. | 7.2 |
| 2024-09-25 | CVE-2024-8350 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. | 2.7 |
| 2024-09-25 | CVE-2024-8434 | Missing Authorization vulnerability in Themehunk Mega Menu The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. | 4.3 |
| 2024-09-25 | CVE-2024-8437 | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. | 4.3 |