The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,388 vulnerabilities with CWE-862
CVE-2024-4355
MEDIUM
Block Bad Bots <= 10.23 - Authenticated Unauthorized Data Access
CVSS 4.3
CVE-2024-3277
MEDIUM
Yumpu ePaper publishing plugin <2.0.24 - Info Disclosure
CVSS 5.0
CVE-2024-36377
MEDIUM
JetBrains TeamCity <2024.03.2 - Privilege Escalation
CVSS 6.5
CVE-2024-36036
MEDIUM
Zoho ManageEngine ADAudit Plus <=7.260 - Info Disclosure
CVSS 4.2
CVE-2024-35237
HIGH
MIT IdentiBot <48e3e5e7ead6777fa75d57c7711c8e55b501c24e - Info Disc...
CVSS 7.5
CVE-2024-4858
MEDIUM
Testimonial Carousel For Elementor <= 10.2.0 - Unauthenticated Data Modification via save_testimonials_option_callback
CVSS 5.3
CVE-2024-5318
MEDIUM
GitLab CE/EE <16.10.6/<16.11.3/<17.0.1 - Info Disclosure
CVSS 4.0
CVE-2024-1376
MEDIUM
Event post < 5.9.5 - Authenticated Unauthorized Bulk Metadata Update via save_bulkdatas Function
CVSS 4.3
CVE-2024-0893
MEDIUM
Schema App Structured Data plugin - Info Disclosure
CVSS 4.3
CVE-2024-3711
MEDIUM
Brizy < 2.4.44 - Authenticated Plugin Setting Update via Missing Capability Check
CVSS 4.3
CVE-2024-3626
MEDIUM
Email Subscribers by Icegram Express - Info Disclosure
CVSS 4.3
CVE-2024-20355
MEDIUM
Cisco ASA/FTD - Privilege Escalation
CVSS 5.0
CVE-2024-2036
MEDIUM
WordPress ApplyOnline <2.6 - Info Disclosure
CVSS 4.3
CVE-2024-3663
MEDIUM
WP Scraper <5.7 - Privilege Escalation
CVSS 4.3
CVE-2024-0453
MEDIUM
WordPress AI ChatBot <5.3.4 - Info Disclosure
CVSS 5.0
CVE-2024-0452
MEDIUM
WordPress AI ChatBot <5.3.4 - Info Disclosure
CVSS 5.0
CVE-2024-0451
MEDIUM
WordPress AI ChatBot <5.3.4 - Info Disclosure
CVSS 5.0
CVE-2024-3268
MEDIUM
YouTube Video Gallery by YouTube Showcase < 3.3.6 - Unauthenticated Arbitrary Post Creation via Missing Capability Check
CVSS 5.3
CVE-2024-4875
MEDIUM
HT Mega < 2.5.3 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-4566
HIGH
ShopLentor <= 2.8.8 - Authenticated Arbitrary Option Modification via ajax_dismiss Function
CVSS 7.1
CVE-2024-3761
HIGH
lunary < 1.2.8 - Unauthenticated Dataset Deletion via DELETE Endpoint
CVSS 7.5
CVE-2024-2782
HIGH
WordPress FluentForms <= 5.1.16 - Broken Access Control
CVSS 7.5
CVE-2024-2771
CRITICAL
Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
CVSS 9.8
CVE-2024-35174
MEDIUM
Flothemes Flo Forms <1.0.42 - Info Disclosure
CVSS 5.3
CVE-2024-32802
MEDIUM
WordPlus BP Better Messages <2.4.32 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 8,388
Exploit Likelihood: High