Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-03-20 CVE-2024-2538 Missing Authorization vulnerability in Permalink Manager Lite Project Permalink Manager Lite
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1.
network
low complexity
permalink-manager-lite-project CWE-862
4.3
2024-03-18 CVE-2023-6821 Missing Authorization vulnerability in Bestwebsoft Error Log Viewer
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization.
network
low complexity
bestwebsoft CWE-862
6.5
2024-03-18 CVE-2024-0780 Missing Authorization vulnerability in Mediabetaprojects Enjoy Social Feed
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated user, such as a subscriber, to perform such an action.
network
low complexity
mediabetaprojects CWE-862
8.8
2024-03-13 CVE-2023-6785 Missing Authorization vulnerability in W3Eden Download Manager
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84.
network
low complexity
w3eden CWE-862
5.3
2024-03-13 CVE-2024-0828 Missing Authorization vulnerability in Hammadh Play.Ht
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4.
network
low complexity
hammadh CWE-862
6.3
2024-03-13 CVE-2024-1126 Missing Authorization vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1.
network
low complexity
metagauss CWE-862
4.3
2024-03-13 CVE-2024-1370 Missing Authorization vulnerability in Themegrill Maintenance Page
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8.
network
low complexity
themegrill CWE-862
4.3
2024-03-13 CVE-2024-1763 Missing Authorization vulnerability in Wpmet WP Social Login and Register Social Counter
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0.
network
low complexity
wpmet CWE-862
5.3
2024-03-13 CVE-2024-1843 Missing Authorization vulnerability in Flamescorpion Auto Affiliate Links
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3.
network
low complexity
flamescorpion CWE-862
4.3
2024-03-13 CVE-2024-1862 Missing Authorization vulnerability in Renventura Woocommerce Add to Cart Custom Redirect
The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13.
network
low complexity
renventura CWE-862
6.5