Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8350 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. | 2.7 |
| 2024-09-25 | CVE-2024-8434 | Missing Authorization vulnerability in Themehunk Mega Menu The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. | 4.3 |
| 2024-09-25 | CVE-2024-8437 | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. | 4.3 |
| 2024-09-24 | CVE-2024-8432 | Missing Authorization vulnerability in Webba-Booking Webba Booking The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. | 4.3 |
| 2024-09-13 | CVE-2024-7888 | Missing Authorization vulnerability in Radiustheme Classified Listing - Classified ADS & Business Directory The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. | 4.3 |
| 2024-09-11 | CVE-2024-7721 | Missing Authorization vulnerability in Bplugins Html5 Video Player The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. | 4.3 |
| 2024-09-11 | CVE-2024-7727 | Missing Authorization vulnerability in Bplugins Html5 Video Player The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. | 5.3 |
| 2024-09-11 | CVE-2024-40650 | Missing Authorization vulnerability in Google Android In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. | 7.8 |
| 2024-09-11 | CVE-2024-40652 | Missing Authorization vulnerability in Google Android In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. | 7.8 |
| 2024-09-10 | CVE-2024-45591 | Missing Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 5.3 |