Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-46652 | Missing Authorization vulnerability in Jenkins Lambdatest-Automation A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. | 4.3 |
| 2023-10-25 | CVE-2023-4606 | Missing Authorization vulnerability in Lenovo products An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 8.1 |
| 2023-10-25 | CVE-2023-5311 | Missing Authorization vulnerability in Wpvnteam WP Extra The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. | 8.8 |
| 2023-10-21 | CVE-2023-5132 | Missing Authorization vulnerability in Soisy Pagamento Rateale The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. | 7.5 |
| 2023-10-20 | CVE-2022-3622 | Missing Authorization vulnerability in Adenion Blog2Social The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. | 4.3 |
| 2023-10-20 | CVE-2022-4943 | Missing Authorization vulnerability in Miniorange Google Authenticator The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. | 5.3 |
| 2023-10-20 | CVE-2023-3869 | Missing Authorization vulnerability in Gvectors Wpdiscuz The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. | 5.3 |
| 2023-10-20 | CVE-2023-3998 | Missing Authorization vulnerability in Gvectors Wpdiscuz The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. | 5.3 |
| 2023-10-20 | CVE-2023-4668 | Missing Authorization vulnerability in AD Inserter Project AD Inserter The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. | 7.5 |
| 2023-10-20 | CVE-2023-4941 | Missing Authorization vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. | 4.3 |