Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-5665 | Missing Authorization vulnerability in Xootix Login/Signup Popup 2.7.1/2.7.2 The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. | 4.3 |
| 2024-06-06 | CVE-2024-1175 | Missing Authorization vulnerability in Plechevandrey Wp-Recall The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. | 5.3 |
| 2024-06-06 | CVE-2024-4788 | Missing Authorization vulnerability in Woostify Boostify Header Footer Builder for Elementor The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. | 4.3 |
| 2024-06-05 | CVE-2024-5453 | Missing Authorization vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. | 4.3 |
| 2024-06-05 | CVE-2024-4088 | Missing Authorization vulnerability in Wpattire Attire Blocks The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. | 4.3 |
| 2024-05-29 | CVE-2024-36377 | Missing Authorization vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | 8.1 |
| 2024-05-24 | CVE-2024-5318 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. | 5.3 |
| 2024-05-17 | CVE-2023-51479 | Missing Authorization vulnerability in Buildapp Build APP Online Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | 8.8 |
| 2024-05-16 | CVE-2024-4222 | Missing Authorization vulnerability in Themeum Tutor LMS The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. | 8.2 |
| 2024-05-14 | CVE-2024-4317 | Missing Authorization vulnerability in Postgresql Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. | 4.3 |