Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-15 | CVE-2023-21122 | Missing Authorization vulnerability in Google Android In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. | 7.8 |
| 2023-06-15 | CVE-2023-21123 | Missing Authorization vulnerability in Google Android In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. | 7.8 |
| 2023-06-14 | CVE-2023-35149 | Missing Authorization vulnerability in Jenkins Digital.Ai APP Management Publisher A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 6.5 |
| 2023-06-09 | CVE-2023-2189 | Missing Authorization vulnerability in Staxwp Stax The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. | 4.3 |
| 2023-06-09 | CVE-2023-2414 | Missing Authorization vulnerability in Vcita Online Booking & Scheduling Calendar The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. | 4.3 |
| 2023-06-09 | CVE-2023-2557 | Missing Authorization vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. | 4.3 |
| 2023-06-07 | CVE-2021-4337 | Missing Authorization vulnerability in Xforwoocommerce products Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. | 8.8 |
| 2023-06-07 | CVE-2019-25139 | Missing Authorization vulnerability in Wpshopmart Coming Soon Page & Maintenance Mode The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset. | 5.3 |
| 2023-06-07 | CVE-2019-25141 | Missing Authorization vulnerability in Wp-Ecommerce Easy WP Smtp The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. | 9.8 |
| 2023-06-07 | CVE-2019-25142 | Missing Authorization vulnerability in Extendthemes Materialis and Mesmerize The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). | 8.8 |