The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,368 vulnerabilities with CWE-862
CVE-2024-7031
HIGH
File Manager Pro - Filester <= 1.8.2 - Authenticated Arbitrary Setting Modification via njt_fs_saveSettingRestrictions
CVSS 7.5
CVE-2024-5331
MEDIUM
Breakdance <1.7.2 - Info Disclosure
CVSS 4.3
CVE-2024-6698
HIGH
FundEngine <1.7.0 - Privilege Escalation
CVSS 8.8
CVE-2024-41108
HIGH
fogproject 1.5.10-1.5.10.41 - Unauthenticated Information Disclosure via Hostinfo Page
CVSS 7.5
CVE-2024-37901
CRITICAL
XWiki 9.2-14.10.20 - Authenticated Remote Code Execution via SearchSuggestClass Instances
CVSS 9.9
CVE-2024-37898
MEDIUM
XWiki Platform 13.10.4-14.0 and 13.10.4-14.10.21 - Missing Authorization in Page Deletion
CVSS 4.3
CVE-2024-7135
MEDIUM
Tainacan <= 0.21.7 - Authenticated Arbitrary File Read via Missing Authorization in get_file Function
CVSS 6.5
CVE-2024-2508
MEDIUM
WP Mobile Menu <2.8.4.4 - Info Disclosure
CVSS 5.3
CVE-2024-40834
MEDIUM
macOS < 12.7.6, < 13.6.8, < 14.6 - Missing Authorization for Shortcuts App Settings
CVSS 4.4
CVE-2024-41624
MEDIUM
Himalaya Xiaoya nano smart speaker <1.6.96 - Info Disclosure
CVSS 6.3
CVE-2024-6458
MEDIUM
WooCommerce Product Table Lite <3.5.1 - XSS
CVSS 6.4
CVE-2024-6591
MEDIUM
Ultimate WordPress Auction Plugin <4.2.6 - XSS
CVSS 5.8
CVE-2024-4410
MEDIUM
IgnitionDeck Crowdfunding Platform <1.9.8 - Privilege Escalation
CVSS 5.4
CVE-2024-1804
MEDIUM
Tutor LMS - Migration Tool <= 2.2.0 - Authenticated Data Modification via tutor_import_from_xml Function
CVSS 4.3
CVE-2024-1798
MEDIUM
Tutor LMS - Migration Tool <= 2.2.0 - Unauthenticated Data Export via tutor_lp_export_xml Function
CVSS 5.3
CVE-2024-6836
MEDIUM
FunnelKit - WordPress <3.4.6 - Info Disclosure
CVSS 4.3
CVE-2024-5861
MEDIUM
WP EasyPay - Square for WordPress <= 4.2.3 - Unauthenticated Square Disconnection via Missing Capability Check
CVSS 5.3
CVE-2024-6755
MEDIUM
Social Auto Poster <5.3.14 - Info Disclosure
CVSS 6.5
CVE-2024-6754
MEDIUM
Social Auto Poster <5.3.14 - Privilege Escalation
CVSS 5.4
CVE-2024-6750
HIGH
Social Auto Poster <5.3.14 - Auth Bypass
CVSS 7.3
CVE-2024-6806
CRITICAL
NI VeriStand < 2024 Q2 - Missing Authorization Leading to Remote Code Execution
CVSS 9.8
CVE-2024-6805
HIGH
NI VeriStand <2024 Q2 - Info Disclosure/Remote Code Execution
CVSS 7.5
CVE-2024-6636
CRITICAL
WooCommerce - Social Login <2.7.3 - Info Disclosure
CVSS 9.8
CVE-2024-6491
MEDIUM
Getwid - Gutenberg Blocks <2.0.10 - Info Disclosure
CVSS 4.3
CVE-2024-6489
MEDIUM
Getwid - Gutenberg Blocks <2.0.10 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 8,368
Exploit Likelihood: High