Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2023-5533 Missing Authorization vulnerability in Quantumcloud AI Chatbot
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2.
network
low complexity
quantumcloud CWE-862
critical
9.8
2023-10-20 CVE-2020-36698 Missing Authorization vulnerability in Cleantalk Security & Malware Scan
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50.
network
low complexity
cleantalk CWE-862
8.8
2023-10-20 CVE-2021-4353 Missing Authorization vulnerability in Rightpress Woocommerce Dynamic Pricing & Discounts 2.4.1
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1.
network
low complexity
rightpress CWE-862
5.3
2023-10-20 CVE-2023-4943 Missing Authorization vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3.
network
low complexity
pluginus CWE-862
4.3
2023-10-20 CVE-2023-4947 Missing Authorization vulnerability in Wpfactory EAN for Woocommerce
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0.
network
low complexity
wpfactory CWE-862
4.3
2023-10-19 CVE-2023-27792 Missing Authorization vulnerability in Ixpdata Easyinstall 6.6.148840
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories.
local
low complexity
ixpdata CWE-862
7.8
2023-10-19 CVE-2023-4645 Missing Authorization vulnerability in Igorfuna AD Inserter
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function.
network
low complexity
igorfuna CWE-862
5.3
2023-10-18 CVE-2023-4938 Missing Authorization vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3.
network
low complexity
pluginus CWE-862
4.3
2023-10-11 CVE-2023-44689 Missing Authorization vulnerability in E-Gov
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme.
network
low complexity
e-gov CWE-862
4.3
2023-10-09 CVE-2022-36228 Missing Authorization vulnerability in Janusintl products
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions.
low complexity
janusintl CWE-862
6.5