Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-11 | CVE-2023-6504 | Missing Authorization vulnerability in Cozmoslabs Profile Builder | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. | 4.3 |
2024-01-11 | CVE-2023-6598 | Missing Authorization vulnerability in Softaculous Speedycache | The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. | 4.3 |
2024-01-11 | CVE-2023-6637 | Missing Authorization vulnerability in Daan Complete Analytics Optimization Suite | The CAOS \| Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. | 5.3 |
2024-01-11 | CVE-2023-6638 | Missing Authorization vulnerability in Gutengeek GG WOO Feed 1.2.4 | The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. | 5.3 |
2024-01-11 | CVE-2023-6751 | Missing Authorization vulnerability in Hostinger | The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. | 6.5 |
2024-01-11 | CVE-2023-6855 | Missing Authorization vulnerability in Strangerstudios Paid Memberships PRO | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). | 5.3 |
2024-01-11 | CVE-2023-6875 | Missing Authorization vulnerability in Wpexperts Post Smtp Mailer | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. | 9.8 |
2024-01-11 | CVE-2023-7019 | Missing Authorization vulnerability in Themeisle Lightstart | The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. | 4.3 |
2024-01-10 | CVE-2023-6158 | Missing Authorization vulnerability in Myeventon Eventon | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). | 6.5 |
2024-01-10 | CVE-2023-48245 | Missing Authorization vulnerability in Bosch Nexo-Os 1000/1500Sp2 | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | 9.8 |