Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-6855 | Missing Authorization vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). | 5.3 |
| 2024-01-11 | CVE-2023-6875 | Missing Authorization vulnerability in Wpexperts Post Smtp Mailer The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. | 9.8 |
| 2024-01-11 | CVE-2023-7019 | Missing Authorization vulnerability in Themeisle Lightstart The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. | 4.3 |
| 2024-01-10 | CVE-2023-6158 | Missing Authorization vulnerability in Myeventon Eventon The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). | 6.5 |
| 2024-01-10 | CVE-2023-48245 | Missing Authorization vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | 9.8 |
| 2024-01-10 | CVE-2023-48247 | Missing Authorization vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | 7.5 |
| 2024-01-08 | CVE-2022-34344 | Missing Authorization vulnerability in Rymera Wholesale Suite Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | 8.8 |
| 2024-01-08 | CVE-2022-36352 | Missing Authorization vulnerability in Metagauss Profilegrid Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. | 8.8 |
| 2024-01-08 | CVE-2023-6383 | Missing Authorization vulnerability in Bowo Debug LOG Manager The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data | 7.5 |
| 2024-01-06 | CVE-2023-6798 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. | 5.4 |