Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-05 | CVE-2023-33970 | Missing Authorization vulnerability in Kanboard Kanboard is open source project management software that focuses on the Kanban methodology. | 6.5 |
2023-06-03 | CVE-2023-2299 | Missing Authorization vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress 4.2.10 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. | 5.3 |
2023-06-03 | CVE-2023-2415 | Missing Authorization vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress BY Vcita The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. | 5.4 |
2023-06-03 | CVE-2023-3053 | Missing Authorization vulnerability in Azexo Page Builder With Image MAP BY Azexo 1.27.133 The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. | 4.3 |
2023-05-31 | CVE-2023-2434 | Missing Authorization vulnerability in Kylephillips Nested Pages The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. | 3.8 |
2023-05-31 | CVE-2023-2545 | Missing Authorization vulnerability in Featherplugins Feather Login Page 1.0.7/1.1.1 The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. | 8.8 |
2023-05-31 | CVE-2023-2547 | Missing Authorization vulnerability in Featherplugins Feather Login Page 1.0.7/1.1.1 The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. | 5.4 |
2023-05-29 | CVE-2023-24605 | Missing Authorization vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. | 4.2 |
2023-05-27 | CVE-2023-2945 | Missing Authorization vulnerability in Open-Emr Openemr Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | 5.4 |
2023-05-26 | CVE-2023-32311 | Missing Authorization vulnerability in Fit2Cloud Cloudexplorer CloudExplorer Lite is an open source cloud management platform. | 4.3 |