Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-23 | CVE-2024-9223 | The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. | 4.3 |
| 2024-11-22 | CVE-2024-11104 | Missing Authorization vulnerability in Wowdevs SKY Addons for Elementor The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_options() function in all versions up to, and including, 2.6.2. | 8.1 |
| 2024-11-22 | CVE-2024-11355 | The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. | 4.3 |
| 2024-11-22 | CVE-2024-11601 | Missing Authorization vulnerability in Wowdevs SKY Addons for Elementor The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. | 8.1 |
| 2024-11-21 | CVE-2024-10528 | Missing Authorization vulnerability in Ultimatemember Ultimate Member The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. | 4.3 |
| 2024-11-21 | CVE-2024-10532 | The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. | 4.3 |
| 2024-11-21 | CVE-2024-11334 | Missing Authorization vulnerability in Nes360 MY Contador Lesr The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. | 5.3 |
| 2024-11-21 | CVE-2024-11354 | Missing Authorization vulnerability in Codelizar Ultimate Youtube Video & Shorts Player With Vimeo The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. | 4.3 |
| 2024-11-20 | CVE-2018-9477 | Missing Authorization vulnerability in Google Android 8.0/8.1 In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. | 7.8 |
| 2024-11-20 | CVE-2018-9469 | Missing Authorization vulnerability in Google Android In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. | 7.8 |