Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-07	CVE-2020-36730	Missing Authorization vulnerability in Niteothemes CMP The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. network low complexity niteothemes CWE-862 critical	9.3
2023-06-07	CVE-2021-4338	Missing Authorization vulnerability in Duckdev 404 to 301 The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. network low complexity duckdev CWE-862	5.4
2023-06-07	CVE-2021-4339	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862	5.3
2023-06-07	CVE-2021-4341	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862 critical	9.8
2023-06-07	CVE-2021-4343	Missing Authorization vulnerability in Stylemixthemes Ulisting The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862 critical	9.8
2023-06-07	CVE-2021-4345	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862	5.3
2023-06-07	CVE-2021-4346	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862	7.5
2023-06-07	CVE-2021-4347	Missing Authorization vulnerability in Zorem Advanced Shipment Tracking for Woocommerce The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. network low complexity zorem CWE-862	6.5
2023-06-07	CVE-2021-4350	Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. network low complexity najeebmedia CWE-862	5.3
2023-06-07	CVE-2021-4351	Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. network low complexity najeebmedia CWE-862	5.3

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization