Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2021-4355 | Missing Authorization vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. | 5.3 |
2023-06-07 | CVE-2021-4356 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. | 9.8 |
2023-06-07 | CVE-2021-4357 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. | 5.3 |
2023-06-07 | CVE-2021-4359 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. | 5.3 |
2023-06-07 | CVE-2021-4361 | Missing Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. | 8.8 |
2023-06-07 | CVE-2021-4362 | Missing Authorization vulnerability in Wpkube Kiwi Social Share 2.1.0 The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. | 9.8 |
2023-06-07 | CVE-2021-4364 | Missing Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. | 4.3 |
2023-06-07 | CVE-2021-4366 | Missing Authorization vulnerability in Magazine3 PWA for WP & AMP The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. | 4.3 |
2023-06-07 | CVE-2021-4368 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. | 8.8 |
2023-06-07 | CVE-2021-4369 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. | 5.3 |