Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-12 | CVE-2024-9824 | The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. | 4.3 |
| 2024-10-12 | CVE-2024-9860 | The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. | 6.5 |
| 2024-10-11 | CVE-2024-9587 | Missing Authorization vulnerability in Linkz.Ai The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. | 4.3 |
| 2024-10-10 | CVE-2024-48902 | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | 5.4 |
| 2024-10-10 | CVE-2024-9067 | Missing Authorization vulnerability in Kainelabs Youzify The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. | 4.3 |
| 2024-10-10 | CVE-2024-9520 | Missing Authorization vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. | 5.4 |
| 2024-10-10 | CVE-2024-8513 | Missing Authorization vulnerability in Quarka QA Analytics The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. | 5.3 |
| 2024-10-10 | CVE-2024-9065 | Missing Authorization vulnerability in Matbao WP Helper Premium The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. | 5.3 |
| 2024-10-10 | CVE-2024-9685 | Missing Authorization vulnerability in Andreamarinucci Notification for Telegram The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. | 4.3 |
| 2024-10-08 | CVE-2024-8431 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. | 4.3 |