Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2023-6733 | Missing Authorization vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. | 6.5 |
| 2024-01-03 | CVE-2024-0201 | Missing Authorization vulnerability in Webcodingplace Product Expiry for Woocommerce The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. | 4.3 |
| 2024-01-03 | CVE-2023-7068 | Missing Authorization vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0. | 6.5 |
| 2024-01-03 | CVE-2023-42358 | Missing Authorization vulnerability in O-Ran-Sc Ric-Plt-E2Mgr An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. | 7.7 |
| 2024-01-02 | CVE-2023-4164 | Missing Authorization vulnerability in Google Android There is a possible information disclosure due to a missing permission check. | 5.5 |
| 2024-01-02 | CVE-2023-47458 | Missing Authorization vulnerability in Bladex Springblade 3.2.0/3.6.0/3.7.0 An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | 9.8 |
| 2024-01-01 | CVE-2023-5877 | Missing Authorization vulnerability in Servit Affiliate-Toolkit The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. | 9.8 |
| 2023-12-31 | CVE-2023-52275 | Missing Authorization vulnerability in Tecno-Mobile Camon X Firmware Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | 2.1 |
| 2023-12-28 | CVE-2023-49229 | Missing Authorization vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 4.3 |
| 2023-12-28 | CVE-2023-49230 | Missing Authorization vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 8.8 |