The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,391 vulnerabilities with CWE-862
CVE-2024-34372
MEDIUM
AddonMaster Post Grid Master <3.4.7 - Info Disclosure
CVSS 5.3
CVE-2024-34371
MEDIUM
Hamid Alinia - idehweb <1.7.18 - Info Disclosure
CVSS 4.3
CVE-2024-33912
HIGH
Academy LMS <= 1.9.16 - Missing Authorization
CVSS 7.1
CVE-2024-33910
MEDIUM
Supsystic Digital Publications <1.7.7 - Info Disclosure
CVSS 5.3
CVE-2024-1050
MEDIUM
WordPress <1.26.5 - Privilege Escalation
CVSS 4.3
CVE-2024-3237
MEDIUM
WordPress ConvertPlug <3.5.25 - Info Disclosure
CVSS 5.4
CVE-2024-33937
MEDIUM
Nico Martin PWA <2.1.13 - Info Disclosure
CVSS 4.3
CVE-2024-33931
MEDIUM
ilGhera JW Player for WordPress <2.3.3 - Info Disclosure
CVSS 6.5
CVE-2024-33929
MEDIUM
wpWax Directorist <7.8.6 - Info Disclosure
CVSS 5.3
CVE-2024-33925
MEDIUM
Embed Google Fonts <3.1.0 - Info Disclosure
CVSS 4.3
CVE-2024-33923
MEDIUM
Smartypants SP Project & Document Manager <4.69 - Info Disclosure
CVSS 6.3
CVE-2024-33920
MEDIUM
Kama Democracy Poll <6.0.3 - Info Disclosure
CVSS 5.3
CVE-2024-33919
MEDIUM
Rometheme RomethemeKit For Elementor <1.4.1 - Info Disclosure
CVSS 6.5
CVE-2024-33915
MEDIUM
Bowo Debug Log Manager <2.3.1 - Info Disclosure
CVSS 4.3
CVE-2024-33914
MEDIUM
Exclusive Addons Elementor < 2.6.9.1 - Missing Authorization on Post Duplication
CVSS 4.3
CVE-2024-33941
MEDIUM
Avirtum iPanorama 360 <1.8.1 - Info Disclosure
CVSS 5.3
CVE-2024-32810
HIGH
ShortPixel Critical CSS <1.0.2 - Info Disclosure
CVSS 7.6
CVE-2024-24710
MEDIUM
SlickRemix Feed Them Social <4.2.0 - Info Disclosure
CVSS 4.3
CVE-2024-3942
MEDIUM
MasterStudy LMS WordPress Plugin <= 3.3.8 - Authenticated Missing Authorization
CVSS 6.3
CVE-2024-3936
MEDIUM
The Post Grid < 7.6.1 - Authenticated Unauthorized Data Modification via rtTPGSaveSettings Function
CVSS 4.3
CVE-2024-3897
MEDIUM
Popup Box - Best WordPress Popup Plugin <4.3.6 - Info Disclosure
CVSS 5.3
CVE-2024-3895
HIGH
WP Datepicker <= 2.1.0 - Authenticated Arbitrary Option Update via wpdp_add_new_datepicker_ajax
CVSS 8.8
CVE-2024-3607
MEDIUM
PropertyHive <= 2.0.12 - Authenticated Arbitrary Post Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-3606
MEDIUM
ProfileGrid <= 5.8.3 - Authenticated Unauthorized Data Deletion
CVSS 4.3
CVE-2024-3601
MEDIUM
Poll Maker WordPress Plugin <= 5.1.8 - Unauthenticated Sensitive Data Exposure
CVSS 5.3
Details
Vulnerabilities
8,391
Exploit Likelihood
High