Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-13 | CVE-2024-1843 | Missing Authorization vulnerability in Flamescorpion Auto Affiliate Links: The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. | 4.3 |
2024-03-13 | CVE-2024-1862 | Missing Authorization vulnerability in Renventura Woocommerce ADD to Cart Custom Redirect: The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. | 6.5 |
2024-03-11 | CVE-2024-0052 | Missing Authorization vulnerability in Google Android 14.0: In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. | 3.3 |
2024-03-09 | CVE-2024-1125 | Missing Authorization vulnerability in Metagauss Eventprime: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. | 5.3 |
2024-03-08 | CVE-2024-1851 | Missing Authorization vulnerability in Servit Affiliate-Toolkit: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. | 6.5 |
2024-03-07 | CVE-2024-28230 | Missing Authorization vulnerability in Jetbrains Youtrack: In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions. | 6.5 |
2024-03-06 | CVE-2024-28155 | Missing Authorization vulnerability in Jenkins Appspider: Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. | 4.3 |
2024-03-06 | CVE-2024-1771 | Missing Authorization vulnerability in Hashthemes Total: The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. | 4.3 |
2024-02-29 | CVE-2024-23493 | Missing Authorization vulnerability in Mattermost Server: Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. | 6.5 |
2024-02-29 | CVE-2024-0907 | Missing Authorization vulnerability in Basixonline Nex-Forms: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. | 4.3 |