The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,365 vulnerabilities with CWE-862
CVE-2024-9297
MEDIUM
SourceCodester Online Railway Reservation System 1.0 - Missing Authorization in Admin Page Parameter
CVSS 6.3
CVE-2024-9189
MEDIUM
EU/UK VAT Manager for WooCommerce <= 2.12.12 - Unauthenticated Data Modification via alg_wc_eu_vat_exempt_vat_from_admin
CVSS 5.3
CVE-2024-9202
MEDIUM
Eclipse Dataspace Components 0.1.3-0.9.0 - Missing Authorization in Dataset Resolver
CVSS 5.3
CVE-2024-8771
MEDIUM
Email Subscribers by Icegram Express - Info Disclosure
CVSS 4.3
CVE-2024-9025
MEDIUM
Sight <= 1.1.2 - Unauthenticated Data Exposure via handler_post_title
CVSS 5.3
CVE-2024-47337
MEDIUM
Stuart Wilson Joy Of Text Lite <2.3.1 - Info Disclosure
CVSS 4.3
CVE-2024-8552
MEDIUM
WordPress Download Monitor <5.0.9 - Info Disclosure
CVSS 4.3
CVE-2024-47330
MEDIUM
Supsystic Slider <1.8.6, Supsystic Social Share Buttons <2.2.9 - In...
CVSS 4.3
CVE-2024-8678
MEDIUM
Revolut Gateway <4.17.3 - Info Disclosure
CVSS 5.3
CVE-2024-8658
MEDIUM
myCred - Loyalty Points and Rewards - Info Disclosure
CVSS 5.3
CVE-2024-6845
MEDIUM
Chatbot with ChatGPT WP <2.4.6 - Info Disclosure
CVSS 5.3
CVE-2024-8434
MEDIUM
Easy Mega Menu Plugin <1.0.9 - Privilege Escalation
CVSS 4.3
CVE-2024-8350
LOW
Uncanny Groups for LearnDash <6.1.0.1 - Privilege Escalation
CVSS 2.7
CVE-2024-8349
HIGH
Uncanny Groups for LearnDash <6.1.0.1 - Privilege Escalation
CVSS 7.2
CVE-2024-7491
MEDIUM
HUSKY Products Filter Professional for WooCommerce <= 1.3.6.1 - IDOR via woof_messenger_remove_subscr
CVSS 5.3
CVE-2024-6590
MEDIUM
Spreadsheet Integration <3.7.9 - Privilege Escalation
CVSS 6.3
CVE-2024-8437
MEDIUM
WP Easy Gallery < 4.8.5 - Authenticated Unauthorized Access via AJAX Functions
CVSS 4.3
CVE-2024-8432
MEDIUM
Webba Booking <5.0.48 - Info Disclosure
CVSS 4.3
CVE-2024-6406
HIGH
Yordam Information Technology Mobile Library App <5.0 - Info Disclo...
CVE-2024-40852
MEDIUM
iPadOS < 18.0 - Unauthenticated Recent Photos Exposure in Assistive Access
CVSS 5.3
CVE-2024-7888
MEDIUM
Classified Listing < 3.1.7 - Authenticated Missing Authorization in FormBuilderAdminAjax Functions
CVSS 6.3
CVE-2024-4660
MEDIUM
GitLab 11.2.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Private Project Source Code Exposure via Group Templates
CVSS 6.5
CVE-2024-3305
HIGH
SoliClub <4.4.0-5.2.1 - Auth Bypass
CVSS 7.5
CVE-2024-7727
MEDIUM
HTML5 Video Player < 2.5.33 - Unauthenticated Unauthorized Data Access via h5vp_ajax_handler
CVSS 5.3
CVE-2024-7721
MEDIUM
HTML5 Video Player Plugin < 2.5.35 - Authenticated Data Modification via save_password
CVSS 4.3
Details
Vulnerabilities: 8,365
Exploit Likelihood: High