Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-1130 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-28 | CVE-2024-1860 | Missing Authorization vulnerability in Billminozzi Anti Hacker The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. | 5.3 |
| 2024-02-28 | CVE-2024-1388 | Missing Authorization vulnerability in Wpmoose Yuki The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. | 4.3 |
| 2024-02-27 | CVE-2024-1686 | Missing Authorization vulnerability in Villatheme Woocommerce Thank YOU Page Customizer The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. | 6.5 |
| 2024-02-23 | CVE-2024-1778 | Missing Authorization vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1 The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. | 5.3 |
| 2024-02-21 | CVE-2024-1108 | Missing Authorization vulnerability in Davidcramer Plugin Groups The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. | 8.2 |
| 2024-02-16 | CVE-2024-0037 | Missing Authorization vulnerability in Google Android In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. | 3.3 |
| 2024-02-16 | CVE-2024-0038 | Missing Authorization vulnerability in Google Android 14.0 In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. | 7.8 |
| 2024-02-15 | CVE-2023-40105 | Missing Authorization vulnerability in Google Android In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. | 5.5 |
| 2024-02-15 | CVE-2023-40113 | Missing Authorization vulnerability in Google Android In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. | 5.5 |