Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-5129 | Missing Authorization vulnerability in Lunary A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. | 8.2 |
| 2024-06-06 | CVE-2024-5665 | Missing Authorization vulnerability in Xootix Login/Signup Popup 2.7.1/2.7.2 The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. | 4.3 |
| 2024-06-06 | CVE-2024-1175 | Missing Authorization vulnerability in Plechevandrey Wp-Recall The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. | 5.3 |
| 2024-06-06 | CVE-2024-4788 | Missing Authorization vulnerability in Woostify Boostify Header Footer Builder for Elementor The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. | 4.3 |
| 2024-06-05 | CVE-2024-5453 | Missing Authorization vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. | 4.3 |
| 2024-06-05 | CVE-2024-4088 | Missing Authorization vulnerability in Wpattire Attire Blocks The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. | 4.3 |
| 2024-05-24 | CVE-2024-5318 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. | 5.3 |
| 2024-05-14 | CVE-2024-4444 | Missing Authorization vulnerability in Thimpress Learnpress The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. | 6.5 |
| 2024-05-07 | CVE-2024-23704 | Missing Authorization vulnerability in Google Android 13.0/14.0 In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. | 7.8 |
| 2024-04-10 | CVE-2024-31997 | Missing Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.8 |