The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,391 vulnerabilities with CWE-862
CVE-2024-32828
MEDIUM
Octolize Flexible Shipping <4.24.15 - Info Disclosure
CVSS 4.3
CVE-2024-32826
MEDIUM
Vektor,Inc. VK Block Patterns <1.31.0 - Info Disclosure
CVSS 5.3
CVE-2024-3678
MEDIUM
Blog2Social: Social Media Auto Post & Scheduler - Info Disclosure
CVSS 5.3
CVE-2024-4163
HIGH
Skylab IGX IIoT Gateway - Privilege Escalation
CVSS 8.0
CVE-2024-33667
MEDIUM
Zammad < 6.3.0 - Authenticated Denial of Service via Generic Method Endpoint
CVSS 6.5
CVE-2024-3893
MEDIUM
Classified Listing < 3.0.11 - Authenticated Arbitrary Attachment Deletion via rtcl_fb_gallery_image_delete AJAX Action
CVSS 4.3
CVE-2024-32678
MEDIUM
TrackShip for WooCommerce <1.7.5 - Info Disclosure
CVSS 5.3
CVE-2024-32677
MEDIUM
LoginPress Pro <3.0.0 - Info Disclosure
CVSS 5.3
CVE-2024-32675
MEDIUM
Xfinity Soft Order Limit for WooCommerce <2.0.0 - Info Disclosure
CVSS 6.5
CVE-2024-32432
MEDIUM
Ovic Addon Toolkit <2.6.1 - Info Disclosure
CVSS 4.3
CVE-2024-32951
MEDIUM
BloomPixel Max Addons Pro - Info Disclosure
CVSS 6.5
CVE-2024-32948
CRITICAL
ARMember < 4.0.28 - Missing Authorization
CVSS 9.1
CVE-2024-32679
MEDIUM
Shared Files <1.7.16 - Info Disclosure
CVSS 5.3
CVE-2024-0900
MEDIUM
Elespare WordPress <2.1.2 - Privilege Escalation
CVSS 4.3
CVE-2024-3664
MEDIUM
WordPress <13.7.0 - Info Disclosure
CVSS 4.3
CVE-2024-32656
HIGH
Ant Media Server 2.6.0-2.8.2 - Unauthenticated Local Privilege Escalation via JMX MLet Bean
CVSS 7.8
CVE-2024-32691
MEDIUM
realmag777 Active Products Tables for WooCommerce <1.0.6.2 - Info D...
CVSS 5.3
CVE-2024-32688
MEDIUM
Long Watch Studio MyRewards <5.3.0 - Info Disclosure
CVSS 6.5
CVE-2024-32687
MEDIUM
WPClever WPC <7.0.3 - Info Disclosure
CVSS 4.3
CVE-2024-32684
MEDIUM
Wpmet Wp Ultimate Review <= 2.2.5 - Missing Authorization
CVSS 5.3
CVE-2024-32682
HIGH
BdThemes Prime Slider - Addons For Elementor <= 3.13.2 - Missing Authorization
CVSS 7.1
CVE-2024-32681
MEDIUM
Prime Slider - Addons For Elementor < 3.13.2 - Missing Authorization
CVSS 4.3
CVE-2024-3600
HIGH
Poll Maker WordPress Plugin <= 5.1.8 - Unauthenticated Stored XSS via ays_poll_maker_quick_start
CVSS 7.2
CVE-2024-32466
LOW
Tolgee < 3.57.2 - Missing Authorization for Translation Data via API Endpoints
CVSS 2.7
CVE-2024-32689
MEDIUM
GenialSouls WP Social Comments <1.7.3 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities
8,391
Exploit Likelihood
High