The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,365 vulnerabilities with CWE-862
CVE-2024-7605
MEDIUM
HelloAsso < 1.1.10 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-7381
MEDIUM
Geo Controller < 8.6.9 - Unauthenticated Arbitrary Shortcode Execution via ajax__shortcode_cache
CVSS 5.3
CVE-2024-7380
MEDIUM
Geo Controller < 8.7.3 - Authenticated Menu Creation and Deletion via Missing Capability Checks
CVSS 4.3
CVE-2024-6332
MEDIUM
Amelia Premium & Lite <7.7-1.2.3 - Info Disclosure
CVSS 6.5
CVE-2024-5309
MEDIUM
Form Vibes - Database Manager for Forms <1.4.12 - Info Disclosure
CVSS 5.4
CVE-2024-45050
HIGH
Ringer Server <1.3.1 - Info Disclosure
CVSS 7.1
CVE-2024-8289
CRITICAL
MultiVendorX <4.2.0 - Privilege Escalation
CVSS 9.8
CVE-2024-8121
MEDIUM
WP Extended <3.0.8 - Privilege Escalation
CVSS 5.4
CVE-2024-8102
HIGH
WP Extended <3.0.8 - Privilege Escalation
CVSS 8.8
CVE-2024-7950
CRITICAL
WP Job Portal < 2.1.6 - Unauthenticated Local File Inclusion and Arbitrary Settings Update via checkFormRequest
CVSS 9.8
CVE-2024-45307
HIGH
SudoBot <9.26.7 - Privilege Escalation
CVSS 8.8
CVE-2024-4259
CRITICAL
SAMPA Holding AKOS < 2024-09-02 - Missing Authorization in AkosCepVatandasService and TahsilatService
CVSS 9.8
CVE-2024-5053
MEDIUM
Fluent Forms < 5.1.18 - Unauthorized Mailchimp API Key Update via Insufficient Capability Check
CVSS 4.2
CVE-2024-7858
MEDIUM
Media Library Folders <= 8.2.3 - Authenticated Missing Authorization in AJAX Functions
CVSS 6.3
CVE-2024-5784
HIGH
Tutor LMS Pro <= 2.7.2 - Authenticated Missing Authorization in Administrative Functions
CVSS 7.1
CVE-2024-43940
MEDIUM
Zynith < 7.4.9 - Missing Authorization
CVSS 6.5
CVE-2024-43939
MEDIUM
Zynith < 7.4.9 - Missing Authorization
CVSS 6.5
CVE-2024-7856
HIGH
MP3 Audio Player by Sonaar <= 5.7.0.1 - Arbitrary File Deletion via removeTempFiles
CVSS 8.1
CVE-2024-5987
MEDIUM
WP Accessibility Helper (WAH) <= 0.6.2.8 - Authenticated Data Modification via Missing Capability Check
CVSS 5.4
CVE-2024-5857
MEDIUM
Funnelforms Free <= 3.7.3.2 - Unauthenticated Arbitrary Media File Deletion via af2_handel_file_remove AJAX Action
CVSS 5.3
CVE-2024-4428
CRITICAL
Menulux Information Technologies Managment Portal <21.05.2024 - Inf...
CVSS 9.8
CVE-2024-41918
MEDIUM
Rakuten Ichiba < 11.7.0 (iOS) and < 12.4.0 (Android) - Missing Authorization in Custom URL Scheme Handler
CVSS 6.1
CVE-2024-45058
HIGH
i-Educar <2.9 - Privilege Escalation
CVSS 8.1
CVE-2024-20413
MEDIUM
Cisco NX-OS Software - Privilege Escalation
CVSS 6.7
CVE-2024-8195
MEDIUM
Permalink Manager Lite <2.4.4 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 8,365
Exploit Likelihood: High