Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2024-1352 | Missing Authorization vulnerability in Radiustheme Classified Listing The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. | 5.3 |
| 2024-04-09 | CVE-2024-3097 | Missing Authorization vulnerability in Imagely Nextgen Gallery The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. | 5.3 |
| 2024-04-08 | CVE-2023-52352 | Missing Authorization vulnerability in Google Android 13.0/14.0 In Network Adapter Service, there is a possible missing permission check. | 5.5 |
| 2024-03-21 | CVE-2024-1502 | Missing Authorization vulnerability in Themeum Tutor LMS The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. | 4.3 |
| 2024-03-13 | CVE-2024-1126 | Missing Authorization vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. | 4.3 |
| 2024-03-11 | CVE-2024-0052 | Missing Authorization vulnerability in Google Android 14.0 In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. | 3.3 |
| 2024-03-09 | CVE-2024-1125 | Missing Authorization vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. | 5.3 |
| 2024-03-08 | CVE-2024-1851 | Missing Authorization vulnerability in Servit Affiliate-Toolkit The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. | 6.5 |
| 2024-03-07 | CVE-2024-28230 | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | 6.5 |
| 2024-03-06 | CVE-2024-28155 | Missing Authorization vulnerability in Jenkins Appspider Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. | 4.3 |