The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,354 vulnerabilities with CWE-862
CVE-2024-53258
MEDIUM
Autolab 3.0.0-3.0.2 - Unauthorized Submission Download via download_all_submissions Feature
CVSS 5.3
CVE-2024-8272
HIGH
com.uaudio.bsd.helper - Privilege Escalation
CVSS 7.8
CVE-2024-9941
HIGH
WPGYM - Wordpress Gym Management System <67.1.0 - Privilege Escalation
CVSS 8.8
CVE-2024-10606
MEDIUM
WP Travel Engine < 6.2.1 - Authenticated Data Modification via wpte_onboard_save_function_callback
CVSS 4.3
CVE-2024-9223
MEDIUM
WPDash Notes <1.3.5 - Info Disclosure
CVSS 4.3
CVE-2024-10813
MEDIUM
Product Table for WooCommerce by CodeAstrology <= 3.5.1 - Sensitive Information Exposure via var_dump_table
CVSS 5.3
CVE-2024-10537
MEDIUM
WP User Manager < 2.9.11 - Authenticated User Meta Key Enumeration via validate_user_meta_key()
CVSS 4.3
CVE-2024-10216
MEDIUM
WP User Manager <= 2.9.11 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-0138
CRITICAL
NVIDIA Base Command Manager >=10.24.09 <10.24.09 - Unauthenticated Remote Code Execution via CMDaemon
CVSS 9.8
CVE-2024-0122
HIGH
NVIDIA Delegated Licensing - Info Disclosure
CVSS 7.6
CVE-2024-11601
HIGH
Sky Addons for Elementor <2.6.1 - CSRF
CVSS 8.1
CVE-2024-11355
MEDIUM
WordPress Vimeo Plugin <3.3 - Info Disclosure
CVSS 4.3
CVE-2024-11104
HIGH
Sky Addons for Elementor < 2.6.3 - Authenticated Arbitrary Option Update via Missing Capability Check
CVSS 8.1
CVE-2024-11354
MEDIUM
WordPress Vimeo Plugin <3.3 - Info Disclosure
CVSS 4.3
CVE-2024-11334
MEDIUM
My Contador lesr <2.1 - Info Disclosure
CVSS 4.3
CVE-2024-10532
MEDIUM
Bard Extra <1.2.7 - Info Disclosure
CVSS 4.3
CVE-2024-10528
MEDIUM
Ultimate Member < 2.8.9 - Authenticated Arbitrary Profile Picture Update via Missing Capability Check
CVSS 4.3
CVE-2024-10393
MEDIUM
Tutor LMS < 2.7.6 - Unauthenticated User Registration Bypass via Missing users_can_register Check
CVSS 5.3
CVE-2024-11154
MEDIUM
PublishPress Revisions: Duplicate Posts - Info Disclosure
CVSS 4.3
CVE-2024-10520
MEDIUM
WP Project Manager < 2.6.15 - Unauthenticated Data Modification via Missing Capability Check
CVSS 5.3
CVE-2024-45689
MEDIUM
Moodle < 4.1.13 - Missing Authorization in Dynamic Tables
CVSS 6.5
CVE-2024-10665
MEDIUM
Yaad Sarig Payment Gateway For WC <2.2.4 - Info Disclosure
CVSS 5.4
CVE-2024-10900
MEDIUM
ProfileGrid <= 5.9.3.6 - Authenticated Arbitrary User Meta Deletion
CVSS 6.5
CVE-2024-52395
MEDIUM
QunatumCloud Floating Buttons <2.8.9 - RCE
CVSS 5.3
CVE-2024-51817
MEDIUM
CodeZel Combo WP Rewrite Slugs - Info Disclosure
CVSS 5.4
Details
Vulnerabilities
8,354
Exploit Likelihood
High