Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2023-7289 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. | 4.3 |
| 2024-10-16 | CVE-2023-7290 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. | 4.3 |
| 2024-10-16 | CVE-2023-7291 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. | 8.1 |
| 2024-10-16 | CVE-2023-7292 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. | 4.3 |
| 2024-10-16 | CVE-2023-7293 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. | 4.3 |
| 2024-10-16 | CVE-2023-7294 | Missing Authorization vulnerability in Paytium The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. | 6.5 |
| 2024-10-16 | CVE-2024-9891 | The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. | 4.3 |
| 2024-10-15 | CVE-2024-38190 | Missing Authorization vulnerability in Microsoft Power Platform Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | 8.6 |
| 2024-10-14 | CVE-2024-45732 | Missing Authorization vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. | 6.5 |
| 2024-10-12 | CVE-2024-9756 | Missing Authorization vulnerability in Directsoftware Order Attachments for Woocommerce The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. | 4.3 |