Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-6638 | Missing Authorization vulnerability in Gutengeek GG WOO Feed 1.2.4 The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. | 5.3 |
| 2024-01-11 | CVE-2023-6751 | Missing Authorization vulnerability in Hostinger The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. | 6.5 |
| 2024-01-11 | CVE-2023-6855 | Missing Authorization vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). | 5.3 |
| 2024-01-11 | CVE-2023-6875 | Missing Authorization vulnerability in Wpexperts Post Smtp Mailer The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. | 9.8 |
| 2024-01-11 | CVE-2023-7019 | Missing Authorization vulnerability in Themeisle Lightstart The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. | 4.3 |
| 2024-01-10 | CVE-2023-6158 | Missing Authorization vulnerability in Myeventon Eventon The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). | 6.5 |
| 2024-01-10 | CVE-2023-48245 | Missing Authorization vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | 9.8 |
| 2024-01-10 | CVE-2023-48247 | Missing Authorization vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | 7.5 |
| 2024-01-08 | CVE-2023-6383 | Missing Authorization vulnerability in Bowo Debug LOG Manager The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data | 7.5 |
| 2024-01-06 | CVE-2023-6798 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. | 5.4 |