The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,368 vulnerabilities with CWE-862
CVE-2024-5993
MEDIUM
Cliengo - Chatbot <3.0.1 - Info Disclosure
CVSS 5.4
CVE-2024-5992
MEDIUM
Cliengo - Chatbot plugin <3.0.1 - Info Disclosure
CVSS 6.5
CVE-2024-5856
MEDIUM
Comment Images Reloaded <2.2.1 - Info Disclosure
CVSS 4.3
CVE-2024-5704
MEDIUM
WooCommerce Accordion FAQ Plugin <1.6.4 - Info Disclosure
CVSS 4.3
CVE-2024-5669
MEDIUM
WooCommerce Accordion FAQ Plugin <1.6.4 - XSS
CVSS 6.4
CVE-2024-5648
MEDIUM
LearnDash LMS - Reports <1.8.2 - Info Disclosure
CVSS 5.4
CVE-2024-5600
MEDIUM
SCSS Happy Compiler <= 1.3.10 - Authenticated Stored XSS via import_settings()
CVSS 5.4
CVE-2024-4102
MEDIUM
Pricing Table plugin <2.0.1 - Info Disclosure
CVSS 5.4
CVE-2024-3608
MEDIUM
Product Designer <1.0.33 - Info Disclosure
CVSS 5.3
CVE-2024-6180
HIGH
EventON < 2.2.15 - Unauthenticated Arbitrary Setting Modification via eventon_import_settings AJAX Action
CVSS 7.2
CVE-2024-39596
MEDIUM
SAP Enable Now - Missing Authorization
CVSS 4.3
CVE-2024-37175
MEDIUM
SAP CRM WebClient UI - Missing Authorization Check
CVSS 4.3
CVE-2024-37172
MEDIUM
SAP S/4HANA Finance - Authenticated Privilege Escalation via Advanced Payment Management
CVSS 5.4
CVE-2024-39592
HIGH
SAP S4CORE - Missing Authorization Leading to Privilege Escalation
CVSS 7.7
CVE-2024-5855
MEDIUM
Media Hygiene: Remove or Delete Unused Images and More! <3.0.2 - In...
CVSS 4.3
CVE-2024-4341
MEDIUM
Extreme XDS < 3928 - Authorization Bypass via User-Controlled Key
CVSS 6.5
CVE-2024-37542
MEDIUM
WpDevArt Gallery Album < 2.0.3 - Missing Authorization
CVSS 5.4
CVE-2024-37903
HIGH
Mastodon 2.6.0-4.1.18 - Unauthorized Post Audience Extension via Crafted Activities
CVSS 8.2
CVE-2024-5641
MEDIUM
One Click Order Re-Order <1.1.9 - Info Disclosure
CVSS 6.4
CVE-2024-36113
MEDIUM
Discourse <3.2.3-3.3.0.beta4-dev - Privilege Escalation
CVSS 4.9
CVE-2024-6088
MEDIUM
LearnPress < 4.2.6.8.1 - Unauthenticated User Registration via Missing Capability Check
CVSS 5.3
CVE-2024-6012
MEDIUM
Cost Calculator Builder <= 3.2.12 - Authenticated Arbitrary Post Creation and Modification via Missing Capability Check
CVSS 4.3
CVE-2024-5545
MEDIUM
Motors - Car Dealer < 1.4.9 - Unauthenticated Arbitrary Post Unpublishing
CVSS 5.3
CVE-2024-36995
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 - Missing Authorization
CVSS 5.4
CVE-2024-6375
MEDIUM
MongoDB <5.0.22-6.0.11-7.0.3 - Privilege Escalation
CVSS 5.4
Details
Vulnerabilities: 8,368
Exploit Likelihood: High