Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-07	CVE-2021-4370	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. network low complexity stylemixthemes CWE-862 critical	9.8
2023-06-07	CVE-2021-4371	Missing Authorization vulnerability in Pluginmirror WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. network low complexity pluginmirror CWE-862	4.3
2023-06-07	CVE-2021-4374	Missing Authorization vulnerability in Valvepress Wordpress Automatic Plugin The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. network low complexity valvepress CWE-862 critical	9.8
2023-06-07	CVE-2021-4375	Missing Authorization vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. network low complexity collne CWE-862	4.3
2023-06-07	CVE-2021-4376	Missing Authorization vulnerability in Palscode Woocommerce Multi Currency The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. network low complexity palscode CWE-862	4.3
2023-06-07	CVE-2021-4381	Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. network low complexity stylemixthemes CWE-862 critical	9.8
2023-06-07	CVE-2021-4383	Missing Authorization vulnerability in Webdevocean WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. network low complexity webdevocean CWE-862	4.3
2023-06-07	CVE-2022-4948	Missing Authorization vulnerability in Flying-Press Flyingpress The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. network low complexity flying-press CWE-862	4.3
2023-06-07	CVE-2022-4950	Missing Authorization vulnerability in multiple products Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. network low complexity coolplugins cryptocurrency-payment-donation-box-plugins CWE-862	8.8
2023-06-06	CVE-2023-33477	Missing Authorization vulnerability in Harmonicinc NSG 9000-6G Firmware In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. network low complexity harmonicinc CWE-862	6.5

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization