The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,361 vulnerabilities with CWE-862
CVE-2024-9629
MEDIUM
Contact Form 7 + Telegram <0.8.5 - Privilege Escalation
CVSS 5.4
CVE-2024-50573
MEDIUM
JetBrains Hub < 2024.3.47707 - Missing Authorization for Permanent Token Generation
CVSS 4.3
CVE-2024-10402
HIGH
Forminator Forms < 1.35.1 - Authenticated Missing Authorization in Form Management
CVSS 7.5
CVE-2024-10092
MEDIUM
WordPress Download Monitor <5.0.12 - Info Disclosure
CVSS 4.3
CVE-2024-9626
MEDIUM
Sovrn plugin <1.3.3 - Info Disclosure
CVSS 4.3
CVE-2024-9584
MEDIUM
Image Map Pro < 6.0.20 - Authenticated Data Modification and Deletion via AJAX Function
CVSS 5.4
CVE-2024-9630
MEDIUM
WPS Telegram Chat < 4.6.0 - Unauthenticated Authorization Bypass via Telegram Bot API
CVSS 5.4
CVE-2024-9628
MEDIUM
WPS Telegram Chat < 4.6.0 - Authenticated Unauthorized Data Modification via Telegram Bot API
CVSS 6.3
CVE-2024-9109
MEDIUM
WooCommerce UPS Shipping < 2.3.12 - Authenticated Authorization Bypass via delete_oauth_data
CVSS 4.3
CVE-2024-9686
MEDIUM
Order Notification for Telegram <= 1.0.1 - Unauthenticated Test Message Sending via Telegram Bot API
CVSS 5.3
CVE-2024-49357
HIGH
ZimaOS < 1.2.5 - Unauthenticated Sensitive Data Exposure via API Endpoints
CVSS 7.5
CVE-2024-48932
MEDIUM
ZimaOS < 1.5.0 - Unauthenticated Sensitive Information Exposure via User Name API Endpoint
CVSS 5.3
CVE-2024-48538
CRITICAL
Neye3C 4.5.2.0 - Missing Authorization for Firmware Update and Download
CVSS 9.8
CVE-2024-49683
MEDIUM
Schema & Structured Data for WP & AMP <1.3.5 - Info Disclosure
CVSS 5.3
CVE-2024-9531
MEDIUM
MultiVendorX < 4.2.5 - Authenticated Arbitrary Vendor Deactivation Request via mvx_sent_deactivation_request
CVSS 4.3
CVE-2024-8667
MEDIUM
HurryTimer <2.10.0 - Privilege Escalation
CVSS 4.3
CVE-2024-49657
HIGH
ReneeCussack 3D Work In Progress <1.0.4 - Info Disclosure
CVSS 7.7
CVE-2024-43924
MEDIUM
dFactory Responsive Lightbox < 2.4.7 - Missing Authorization
CVSS 5.3
CVE-2024-9583
MEDIUM
RSS Aggregator < 4.23.13 - Authenticated Unauthorized Functionality Use via wprss_ajax_send_premium_support
CVSS 4.3
CVE-2024-9829
MEDIUM
Download Plugin < 2.2.0 - Authenticated Unauthorized Data Access via Missing Capability Checks
CVSS 6.5
CVE-2024-38002
CRITICAL
Liferay Portal/DXP - Authenticated RCE
CVSS 9.0
CVE-2024-10003
MEDIUM
Rover IDX <3.0.0.2903 - Privilege Escalation
CVSS 6.3
CVE-2024-48645
HIGH
Minecraft mod 'Command Block IDE' <0.4.9 - Privilege Escalation
CVSS 7.5
CVE-2024-49367
HIGH
nginxui/nginx_ui < 2.0.0-beta.36 - Unauthenticated Directory Traversal and Arbitrary File Read via Log Path Manipulation
CVSS 7.5
CVE-2024-49321
MEDIUM
Simple Custom Post Order <= 2.5.7 - Missing Authorization
CVSS 4.3
Details
Vulnerabilities: 8,361
Exploit Likelihood: High