The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,365 vulnerabilities with CWE-862
CVE-2024-7447
MEDIUM
Funnelforms Free <= 3.7.3.2 - Unauthenticated Arbitrary File Upload via fnsf_af2_handel_file_upload
CVSS 5.3
CVE-2024-8199
MEDIUM
Reviews Feed - WordPress <1.1.2 - Info Disclosure
CVSS 4.3
CVE-2024-6688
MEDIUM
Oxygen Builder <4.8.3 - Info Disclosure
CVSS 4.3
CVE-2024-43214
MEDIUM
myCred <= 2.7.2 - Sensitive Data Exposure via Missing Authorization
CVSS 5.3
CVE-2024-6631
MEDIUM
ImageRecycle pdf & image compression plugin <3.1.14 - Info Disclosure
CVSS 5.0
CVE-2024-7258
HIGH
WooCommerce Google Feed Manager <= 2.8.0 - Authenticated Arbitrary File Deletion via wppfm_removeFeedFile
CVSS 8.8
CVE-2024-43331
MEDIUM
VeronaLabs WP SMS <6.9.3 - Info Disclosure
CVSS 5.3
CVE-2024-45168
CRITICAL
uci idol2 < 2.12 - Missing Authorization via Raw Socket Communication
CVSS 9.1
CVE-2024-7390
MEDIUM
WP Testimonial Widget <= 3.1 - Unauthenticated Data Modification via fnSaveTestimonailOrder
CVSS 5.3
CVE-2024-7032
MEDIUM
Smart Online Order for Clover <= 1.5.6 - Unauthenticated Data Deletion via moo_deactivateAndClean Function
CVSS 6.5
CVE-2024-7030
MEDIUM
Smart Online Order for Clover <= 1.5.6 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-6883
MEDIUM
Event Espresso <5.0.22.decaf - Privilege Escalation
CVSS 4.3
CVE-2024-38810
MEDIUM
Spring Security 6.3.0-6.3.1 - Missing Authorization via @AuthorizeReturnObject Annotation
CVSS 6.5
CVE-2024-5941
MEDIUM
GiveWP <= 3.14.1 - Authenticated Unauthorized Data Access and Deletion
CVSS 5.4
CVE-2024-5940
MEDIUM
GiveWP - Donation Plugin and Fundraising Platform <= 3.13.0 - Unauthenticated Data Modification via Events Beta Feature
CVSS 6.5
CVE-2024-5939
MEDIUM
GiveWP - Donation Plugin and Fundraising Platform <= 3.13.0 - Unauthenticated Data Access via Setup Wizard
CVSS 5.3
CVE-2024-43326
MEDIUM
Jamie Bergen Plugin Notes Plus <1.2.7 - Info Disclosure
CVSS 5.4
CVE-2024-43256
HIGH
nouthemes Leopard-WordPress offload media <2.0.36 - Info Disclosure
CVSS 7.1
CVE-2024-43247
HIGH
WHMpress < 6.2-revision-5 - Missing Authorization
CVSS 8.8
CVE-2024-43401
CRITICAL
XWiki Platform < 15.10-rc-1 - Unauthenticated Privilege Escalation via WYSIWYG Editor Payload
CVSS 9.0
CVE-2024-44069
HIGH
Pi-hole < 6.0 - Unauthenticated Temperature Unit Change via admin/api.php
CVSS 7.5
CVE-2024-35686
MEDIUM
Automattic Sensei <4.23.1 - Info Disclosure
CVSS 5.3
CVE-2024-6500
CRITICAL
InPost <1.4.0-1.4.4 - Info Disclosure
CVSS 10.0
CVE-2024-42434
MEDIUM
Zoom Workplace Apps - Info Disclosure
CVSS 4.9
CVE-2024-39824
MEDIUM
Zoom Meeting SDK < 6.1.0 - Missing Authorization
CVSS 4.9
Details
Vulnerabilities: 8,365
Exploit Likelihood: High