The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,368 vulnerabilities with CWE-862
CVE-2024-6799
MEDIUM
YITH Essential Kit for WooCommerce #1 <2.34.0 - Privilege Escalation
CVSS 4.3
CVE-2024-5997
MEDIUM
Duplica - Unauthorized Data Modification
CVSS 4.3
CVE-2024-6455
MEDIUM
ElementsKit Elementor addons <3.2.0 - Info Disclosure
CVSS 5.3
CVE-2024-6599
MEDIUM
Meks Video Importer <1.0.11 - Auth Bypass
CVSS 4.3
CVE-2024-6175
MEDIUM
Booking Ultra Pro Appointments Booking Calendar Plugin <1.1.13 - In...
CVSS 5.4
CVE-2024-5703
MEDIUM
Email Subscribers by Icegram Express < 5.7.26 - Authenticated Missing Authorization in REST API
CVSS 4.3
CVE-2024-6660
HIGH
BookingPress - Privilege Escalation
CVSS 8.8
CVE-2024-6033
MEDIUM
Eventin < 4.0.4 - Authenticated Unauthorized Data Importation via import_file Function
CVSS 4.3
CVE-2024-6621
MEDIUM
RSS Aggregator <4.23.11 - Info Disclosure
CVSS 4.3
CVE-2024-6579
MEDIUM
WPBakery Builder <1.4.5 - Privilege Escalation
CVSS 4.3
CVE-2024-1937
HIGH
Brizy - Page Builder <2.4.44 - Info Disclosure
CVSS 7.1
CVE-2024-6465
MEDIUM
WP Links Page <4.9.5 - Info Disclosure
CVSS 4.3
CVE-2024-37544
MEDIUM
Tobias Conrad Get Better Reviews for WooCommerce <4.0.6 - Info Disc...
CVSS 4.3
CVE-2024-37202
MEDIUM
BinaryCarpenter Ultimate Custom Add To Cart Button - XSS
CVSS 6.5
CVE-2024-6328
CRITICAL
MStore API < 4.14.7 - Unauthenticated Authentication Bypass via Phone Parameter
CVSS 9.8
CVE-2024-6392
MEDIUM
Sirv WordPress <7.2.7 - Privilege Escalation
CVSS 5.4
CVE-2024-39546
HIGH
Juniper Junos OS Evolved Privilege Escalation via Socket Intercept Command File Interface
CVSS 7.3
CVE-2024-0619
MEDIUM
Payflex Payment Gateway <2.5.0 - Info Disclosure
CVSS 5.3
CVE-2024-38353
MEDIUM
CodiMD < 2.5.4 - Unauthenticated Image Data Access via Insecure Filename Generation
CVSS 5.3
CVE-2024-5677
MEDIUM
WordPress Featured Image Generator <1.3.1 - Unauth Img Upload
CVSS 4.3
CVE-2024-21417
HIGH
Windows Text Services Framework - Elevation of Privilege via Missing Authorization
CVSS 8.8
CVE-2024-31332
HIGH
Android - Missing Authorization for Wi-Fi Connection Addition
CVSS 7.8
CVE-2024-31318
HIGH
Android - Local Privilege Escalation via CompanionDeviceManagerService Missing Permission Check
CVSS 7.8
CVE-2024-6167
MEDIUM
Just Custom Fields <3.3.2 - Privilege Escalation
CVSS 4.3
CVE-2024-6069
HIGH
WordPress Registration Forms <3.8.3.4 - Command Injection
CVSS 8.8
Details
Vulnerabilities
8,368
Exploit Likelihood
High