Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-10 | CVE-2023-48247 | Missing Authorization vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | 7.5 |
2024-01-08 | CVE-2023-6383 | Missing Authorization vulnerability in Bowo Debug LOG Manager The Debug Log Manager WordPress plugin before 2.3.0 contains a directory listing vulnerability, which allows you to download the debug log without authorization and gain access to sensitive data. | 7.5 |
2024-01-06 | CVE-2023-6798 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. | 5.4 |
2024-01-04 | CVE-2023-6733 | Missing Authorization vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. | 6.5 |
2024-01-03 | CVE-2024-0201 | Missing Authorization vulnerability in Webcodingplace Product Expiry for Woocommerce The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. | 4.3 |
2024-01-03 | CVE-2023-7068 | Missing Authorization vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. | 6.5 |
2024-01-03 | CVE-2023-42358 | Missing Authorization vulnerability in O-Ran-Sc Ric-Plt-E2Mgr An issue discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. | 7.7 |
2024-01-02 | CVE-2023-4164 | Missing Authorization vulnerability in Google Android There is a possible information disclosure due to a missing permission check. | 5.5 |
2024-01-02 | CVE-2023-47458 | Missing Authorization vulnerability in Bladex Springblade 3.2.0/3.6.0/3.7.0 An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | 9.8 |
2024-01-01 | CVE-2023-5877 | Missing Authorization vulnerability in Servit Affiliate-Toolkit The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. | 9.8 |