Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2021-4370 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. | 9.8 |
2023-06-07 | CVE-2021-4371 | Missing Authorization vulnerability in Pluginmirror WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. | 4.3 |
2023-06-07 | CVE-2021-4374 | Missing Authorization vulnerability in Valvepress Wordpress Automatic Plugin The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. | 9.8 |
2023-06-07 | CVE-2021-4375 | Missing Authorization vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. | 4.3 |
2023-06-07 | CVE-2021-4376 | Missing Authorization vulnerability in Palscode Woocommerce Multi Currency The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. | 4.3 |
2023-06-07 | CVE-2021-4381 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. | 9.8 |
2023-06-07 | CVE-2021-4383 | Missing Authorization vulnerability in Webdevocean WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. | 4.3 |
2023-06-07 | CVE-2022-4948 | Missing Authorization vulnerability in Flying-Press Flyingpress The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. | 4.3 |
2023-06-07 | CVE-2022-4950 | Missing Authorization vulnerability in multiple products Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. | 8.8 |
2023-06-06 | CVE-2023-33477 | Missing Authorization vulnerability in Harmonicinc NSG 9000-6G Firmware In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. | 6.5 |