The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,358 vulnerabilities with CWE-862
CVE-2024-11125
MEDIUM
GetSimpleCMS 3.3.16 - Cross-Site Request Forgery in Profile Management
CVSS 4.3
CVE-2024-47587
LOW
Cash Operations - Privilege Escalation
CVSS 3.5
CVE-2024-42372
MEDIUM
SAP NetWeaver AS Java - Info Disclosure
CVSS 6.5
CVE-2024-10589
CRITICAL
Leopard - WordPress Offload Media <= 3.1.1 - Authenticated Privilege Escalation via Missing Capability Check
CVSS 9.8
CVE-2024-10674
HIGH
Th Shop Mania <1.4.9 - Privilege Escalation
CVSS 8.8
CVE-2024-10673
HIGH
Top Store theme <1.5.4 - Privilege Escalation
CVSS 8.8
CVE-2024-10588
MEDIUM
WordPress Debug Tool <2.3 - Info Disclosure
CVSS 4.3
CVE-2024-10586
CRITICAL
Debug Tool < 2.2 - Unauthenticated Arbitrary File Creation via dbt_pull_image()
CVSS 9.8
CVE-2024-10294
MEDIUM
CE21 Suite <2.2.0 - Info Disclosure
CVSS 6.5
CVE-2024-48073
CRITICAL
sunniwell HT3300 <1.0.0.B022.2 - Command Injection
CVSS 9.8
CVE-2024-10824
MEDIUM
GitHub Enterprise Server 3.13.0-3.13.2 - Missing Authorization for Secret Scanning Alert Data
CVSS 6.5
CVE-2024-43431
HIGH
Moodle < 4.1.12 - Missing Authorization for Badge Deletion
CVSS 7.5
CVE-2024-6626
MEDIUM
EleForms <= 2.9.9.9 - Unauthenticated Data Access via Missing Capability Check
CVSS 5.3
CVE-2024-10543
MEDIUM
Tumult Hype Animations <= 1.9.14 - Authenticated Unauthorized Data Access via hypeanimations_getcontent Function
CVSS 4.3
CVE-2024-10535
MEDIUM
Video Gallery for WooCommerce <= 1.31 - Unauthenticated Arbitrary Thumbnail Deletion via remove_unused_thumbnails()
CVSS 5.3
CVE-2024-7429
MEDIUM
Zotpress <= 7.3.12 - Authenticated Unauthorized Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-51516
MEDIUM
HarmonyOS - Missing Authorization in Ability Module
CVSS 6.2
CVE-2024-48045
MEDIUM
Happy Addons for Elementor <= 3.12.3 - Missing Authorization
CVSS 4.3
CVE-2024-48044
MEDIUM
ShortPixel Image Optimizer <= 5.6.3 - Missing Authorization
CVSS 5.4
CVE-2024-48039
MEDIUM
CubeWP <= 1.1.15 - Missing Authorization
CVSS 4.3
CVE-2024-47362
MEDIUM
WPChill Strong Testimonials <3.1.16 - Info Disclosure
CVSS 4.3
CVE-2024-47361
MEDIUM
WPVibes Elementor Addon Elements <1.13.6 - Info Disclosure
CVSS 6.5
CVE-2024-47358
MEDIUM
Popup Maker <1.19.2 - Info Disclosure
CVSS 5.3
CVE-2024-47321
MEDIUM
WP Datepicker <2.1.1 - Info Disclosure
CVSS 6.5
CVE-2024-47318
MEDIUM
Magazine3 PWA for WP & AMP <1.7.72 - RCE
CVSS 4.3
Details
Vulnerabilities
8,358
Exploit Likelihood
High