Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-20446 Missing Authorization vulnerability in Google Android 10.0/11.0
In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check.
local
low complexity
google CWE-862
3.3
2022-11-08 CVE-2022-20450 Missing Authorization vulnerability in Google Android
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check.
local
low complexity
google CWE-862
7.8
2022-11-08 CVE-2022-20451 Missing Authorization vulnerability in Google Android
In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check.
local
low complexity
google CWE-862
7.8
2022-11-08 CVE-2022-40223 Missing Authorization vulnerability in Searchwp
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.
network
low complexity
searchwp CWE-862
4.3
2022-11-07 CVE-2022-3451 Missing Authorization vulnerability in Addify Product Stock Manager
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them.
network
low complexity
addify CWE-862
4.3
2022-11-07 CVE-2022-3489 Missing Authorization vulnerability in Weberge WP Hide 0.0.2
The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request
network
low complexity
weberge CWE-862
5.3
2022-11-03 CVE-2022-36404 Missing Authorization vulnerability in Coleds Simple SEO
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
network
low complexity
coleds CWE-862
5.4
2022-10-31 CVE-2022-3096 Missing Authorization vulnerability in WP Total Hacks Project WP Total Hacks
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings.
network
low complexity
wp-total-hacks-project CWE-862
5.4
2022-10-28 CVE-2022-3400 Missing Authorization vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3.
network
low complexity
bricksbuilder CWE-862
6.5
2022-10-28 CVE-2022-3320 Missing Authorization vulnerability in Cloudflare Warp
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand.
network
low complexity
cloudflare CWE-862
critical
9.8