Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-15 | CVE-2023-6048 | Missing Authorization vulnerability in Estatik The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset | 6.5 |
2024-01-15 | CVE-2023-6066 | Missing Authorization vulnerability in Kishorkhambu WP Custom Widget Area The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. | 4.3 |
2024-01-12 | CVE-2023-40362 | Missing Authorization vulnerability in Centralsquare Click2Gov Building Permit An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. | 4.3 |
2024-01-11 | CVE-2023-6554 | Missing Authorization vulnerability in Tecnick Tcexam When access to the "admin" folder is not protected by some external authorization mechanisms e.g. | 6.5 |
2024-01-11 | CVE-2023-6369 | Missing Authorization vulnerability in Myrecorp Export WP Page to Static Html/Css 2.1.9 The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. | 5.4 |
2024-01-11 | CVE-2023-6496 | Missing Authorization vulnerability in Freeamigos Manage Notification E-Mails The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. | 5.3 |
2024-01-11 | CVE-2023-6504 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. | 4.3 |
2024-01-11 | CVE-2023-6598 | Missing Authorization vulnerability in Softaculous Speedycache The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. | 4.3 |
2024-01-11 | CVE-2023-6637 | Missing Authorization vulnerability in Daan Complete Analytics Optimization Suite The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. | 5.3 |
2024-01-11 | CVE-2023-6638 | Missing Authorization vulnerability in Gutengeek GG WOO Feed 1.2.4 The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. | 5.3 |