Vulnerabilities > Missing Authorization

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Vector | Complexity | Score |
|---|---|---|---|---|---|---|---|---|
| 2024-10-26 | CVE-2024-10092 | | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. | | CWE-862 | network | low complexity | 4.3 |
| 2024-10-25 | CVE-2024-9584 | Missing Authorization vulnerability in Webcraftplugins Image MAP PRO | The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. | webcraftplugins | CWE-862 | network | low complexity | 5.4 |
| 2024-10-25 | CVE-2024-9630 | Missing Authorization vulnerability in 10Web WPS Telegram Chat | The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. | 10web | CWE-862 | network | low complexity | 5.3 |
| 2024-10-25 | CVE-2024-9109 | Missing Authorization vulnerability in Octolize Woocommerce UPS Shipping | The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. | octolize | CWE-862 | network | low complexity | 4.3 |
| 2024-10-25 | CVE-2024-9686 | Missing Authorization vulnerability in Choplugins Order Notification for Telegram | The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. | choplugins | CWE-862 | network | low complexity | 5.3 |
| 2024-10-24 | CVE-2024-49357 | Missing Authorization vulnerability in Zimaspace Zimaos | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. | zimaspace | CWE-862 | network | low complexity | 7.5 |
| 2024-10-24 | CVE-2024-48932 | Missing Authorization vulnerability in Zimaspace Zimaos | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. | zimaspace | CWE-862 | network | low complexity | 5.3 |
| 2024-10-24 | CVE-2024-8667 | | The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. | | CWE-862 | network | low complexity | 4.3 |
| 2024-10-23 | CVE-2024-43924 | Missing Authorization vulnerability in Dfactory Responsive Lightbox | Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7. | dfactory | CWE-862 | network | low complexity | 9.8 (critical) |
| 2024-10-23 | CVE-2024-9583 | Missing Authorization vulnerability in Rebelcode RSS Aggregator | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. | rebelcode | CWE-862 | network | low complexity | 5.4 |