Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-20 | CVE-2024-49325 | Missing Authorization vulnerability in Wpdiscover Photo Gallery Builder Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. | 8.8 |
| 2024-10-18 | CVE-2024-10078 | Missing Authorization vulnerability in Newsignature WP Easy Post Types The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. | 5.4 |
| 2024-10-18 | CVE-2024-9361 | Missing Authorization vulnerability in Giuliopanda Bulk Images Optimizer The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. | 4.3 |
| 2024-10-18 | CVE-2024-9364 | Missing Authorization vulnerability in Smackcoders Sendgrid The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. | 4.3 |
| 2024-10-16 | CVE-2020-36840 | Missing Authorization vulnerability in Motopress Timetable and Event Schedule The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. | 9.8 |
| 2024-10-16 | CVE-2024-45461 | Missing Authorization vulnerability in Apache Cloudstack The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. | 6.3 |
| 2024-10-16 | CVE-2018-25105 | Missing Authorization vulnerability in Filemanagerpro File Manager The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. | 9.8 |
| 2024-10-16 | CVE-2019-25214 | The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. | 7.2 |
| 2024-10-16 | CVE-2019-25215 | The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. | 7.3 |
| 2024-10-16 | CVE-2019-25217 | The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. | 9.8 |