Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-43924 | Missing Authorization vulnerability in Dfactory Responsive Lightbox Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | 9.8 |
| 2024-10-23 | CVE-2024-9583 | Missing Authorization vulnerability in Rebelcode RSS Aggregator The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. | 5.4 |
| 2024-10-23 | CVE-2024-9829 | Missing Authorization vulnerability in Metagauss Download Plugin The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. | 6.5 |
| 2024-10-22 | CVE-2024-10003 | Missing Authorization vulnerability in Roveridx Rover IDX The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. | 6.3 |
| 2024-10-21 | CVE-2024-49367 | Missing Authorization vulnerability in Nginxui Nginx UI Nginx UI is a web user interface for the Nginx web server. | 7.5 |
| 2024-10-21 | CVE-2024-49273 | Missing Authorization vulnerability in Metagauss Profilegrid Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3. | 6.5 |
| 2024-10-21 | CVE-2024-49293 | Missing Authorization vulnerability in Rextheme WP VR Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4. | 5.4 |
| 2024-10-21 | CVE-2024-49321 | Missing Authorization vulnerability in Colorlib Simple Custom Post Order Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through 2.5.7. | 4.3 |
| 2024-10-20 | CVE-2024-49325 | Missing Authorization vulnerability in Wpdiscover Photo Gallery Builder Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. | 8.8 |
| 2024-10-18 | CVE-2024-10078 | Missing Authorization vulnerability in Newsignature WP Easy Post Types The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. | 5.4 |