Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-23493 | Missing Authorization vulnerability in Mattermost Server Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. | 6.5 |
| 2024-02-29 | CVE-2024-0907 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-29 | CVE-2024-1129 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-29 | CVE-2024-1130 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-28 | CVE-2024-1388 | Missing Authorization vulnerability in Wpmoose Yuki The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. | 4.3 |
| 2024-02-27 | CVE-2024-1686 | Missing Authorization vulnerability in Villatheme Woocommerce Thank YOU Page Customizer The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. | 6.5 |
| 2024-02-23 | CVE-2024-1778 | Missing Authorization vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1 The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. | 5.3 |
| 2024-02-16 | CVE-2024-0037 | Missing Authorization vulnerability in Google Android In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. | 3.3 |
| 2024-02-16 | CVE-2024-0038 | Missing Authorization vulnerability in Google Android 14.0 In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. | 7.8 |
| 2024-02-15 | CVE-2023-40105 | Missing Authorization vulnerability in Google Android In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. | 5.5 |