Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6959 | Missing Authorization vulnerability in Motopress Getwid - Gutenberg Blocks 1.8.3/2.0.3 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. | 4.3 |
| 2024-02-05 | CVE-2023-6985 | Missing Authorization vulnerability in 10Web AI Assistant The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. | 8.8 |
| 2024-02-05 | CVE-2024-0324 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. | 7.5 |
| 2024-02-02 | CVE-2023-47148 | Missing Authorization vulnerability in IBM Spectrum Protect Plus IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. | 7.5 |
| 2024-02-02 | CVE-2024-1047 | Missing Authorization vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. | 5.3 |
| 2024-01-31 | CVE-2024-0836 | Missing Authorization vulnerability in Radiustheme Review Schema The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. | 4.3 |
| 2024-01-29 | CVE-2023-1705 | Missing Authorization vulnerability in Forcepoint ONE Smartedge Agent Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554. | 7.8 |
| 2024-01-29 | CVE-2023-6279 | Missing Authorization vulnerability in Wootsify Sites Library The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name | 7.1 |
| 2024-01-26 | CVE-2024-23388 | Missing Authorization vulnerability in Mercari 3.51.0/3.52.0/4.49.1 Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 6.1 |
| 2024-01-25 | CVE-2024-21630 | Missing Authorization vulnerability in Zulip Server Zulip is an open-source team collaboration tool. | 4.3 |