The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,392 vulnerabilities with CWE-862
CVE-2024-25922
MEDIUM
Peach Payments Gateway <3.1.9 - Info Disclosure
CVSS 5.4
CVE-2024-25912
CRITICAL
Skymoonlabs MoveTo <6.2 - Info Disclosure
CVSS 9.8
CVE-2024-25908
MEDIUM
JoomUnited WP Media <5.7.2 - Info Disclosure
CVSS 4.3
CVE-2024-25907
MEDIUM
JoomUnited WP Media <5.7.2 - Info Disclosure
CVSS 5.4
CVE-2024-24883
MEDIUM
BdThemes Prime Slider - Auth Bypass
CVSS 4.3
CVE-2024-24850
MEDIUM
Quicksand Post Filter jQuery Plugin <3.1.1 - Info Disclosure
CVSS 5.3
CVE-2024-31997
CRITICAL
XWiki Platform <4.10.19, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31987
CRITICAL
XWiki Platform <6.4-4.10.19, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31983
CRITICAL
XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31981
CRITICAL
XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31242
MEDIUM
Bricksforge <2.0.17 - Info Disclosure
CVSS 5.3
CVE-2024-31230
MEDIUM
ShortPixel Adaptive Images <3.8.2 - Info Disclosure
CVSS 5.3
CVE-2024-31343
HIGH
Sonaar MP3 Audio Player for Music, Radio & Podcast < 4.10.1 - Unauthenticated Arbitrary File Download
CVSS 7.5
CVE-2024-31342
MEDIUM
WordPress Gallery Exporter <1.4 - Info Disclosure
CVSS 6.5
CVE-2024-31358
HIGH
Saleswonder.Biz 5 Stars Rating Funnel <1.2.67 - Info Disclosure
CVSS 7.5
CVE-2024-31297
HIGH
Wholesale For WooCommerce < 2.3.0 - Unauthenticated Arbitrary Post/Page Creation
CVSS 7.5
CVE-2024-3235
MEDIUM
Essential Grid Gallery WordPress Plugin <3.1.1 - Info Disclosure
CVSS 5.3
CVE-2024-1042
MEDIUM
WP Radio < 3.1.9 - Authenticated Data Modification via AJAX Functions
CVSS 6.4
CVE-2024-1041
MEDIUM
WP Radio < 3.1.9 - Authenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 6.4
CVE-2024-3213
MEDIUM
Relevanssi < 4.22.2 - Unauthenticated Denial of Service via relevanssi_update_counts()
CVSS 5.3
CVE-2024-3097
MEDIUM
NextGEN Gallery <= 3.59 - Unauthenticated Sensitive Data Exposure via get_item Function
CVSS 5.3
CVE-2024-2543
MEDIUM
Permalink Manager Lite <= 2.4.3.1 - Unauthenticated Data Access via Missing Capability Check
CVSS 4.3
CVE-2024-2222
MEDIUM
Advanced Classifieds & Directory Pro <3.0.0 - Info Disclosure
CVSS 4.3
CVE-2024-2033
MEDIUM
Video Conferencing with Zoom plugin <4.4.5 - Info Disclosure
CVSS 4.3
CVE-2024-1991
HIGH
RegistrationMagic - Privilege Escalation
CVSS 8.8
Details
Vulnerabilities
8,392
Exploit Likelihood
High