Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-0836 | Missing Authorization vulnerability in Radiustheme Review Schema The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. | 4.3 |
| 2024-01-29 | CVE-2023-1705 | Missing Authorization vulnerability in Forcepoint ONE Smartedge Agent Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554. | 7.8 |
| 2024-01-29 | CVE-2023-6279 | Missing Authorization vulnerability in Wootsify Sites Library The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name | 7.1 |
| 2024-01-26 | CVE-2024-23388 | Missing Authorization vulnerability in Mercari 3.51.0/3.52.0/4.49.1 Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 6.1 |
| 2024-01-25 | CVE-2024-0617 | Missing Authorization vulnerability in Quanticedgesolutions Category Discount Woocommerce The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. | 5.3 |
| 2024-01-22 | CVE-2024-23752 | Missing Authorization vulnerability in Gabrieleventuri Pandasai GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. | 9.8 |
| 2024-01-20 | CVE-2024-0679 | Missing Authorization vulnerability in Themegrill Colormag The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. | 6.5 |
| 2024-01-18 | CVE-2023-48339 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In jpg driver, there is a possible missing permission check. | 4.4 |
| 2024-01-17 | CVE-2023-34379 | Missing Authorization vulnerability in Magneticone Magento to Woocommerce Migration 2.0.0 Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | 4.3 |
| 2024-01-16 | CVE-2023-48926 | Missing Authorization vulnerability in Prestashop Advanced Loyalty Program An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status. | 5.3 |