The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,392 vulnerabilities with CWE-862
CVE-2024-24718
MEDIUM
PropertyHive <2.0.6 - Info Disclosure
CVSS 4.3
CVE-2024-24711
MEDIUM
WooCommerce Conversion Tracking <2.0.11 - Info Disclosure
CVSS 4.3
CVE-2024-23520
MEDIUM
AccessAlly PopupAlly <= 2.1.0 - Missing Authorization
CVSS 4.3
CVE-2024-24805
MEDIUM
WP Dummy Content Generator <3.1.2 - Info Disclosure
CVSS 5.3
CVE-2024-24840
MEDIUM
BdThemes Element Pack <5.4.11 - Info Disclosure
CVSS 4.3
CVE-2024-24835
MEDIUM
BEAR < 1.1.4 - Missing Authorization
CVSS 4.3
CVE-2024-24832
HIGH
Metagauss EventPrime <3.3.9 - Info Disclosure
CVSS 8.2
CVE-2024-27190
MEDIUM
Jean-David Daviet Download Media <1.4.2 - Info Disclosure
CVSS 4.3
CVE-2024-1502
MEDIUM
Tutor LMS < 2.6.1 - Authenticated Arbitrary Post Deletion via Missing Capability Check
CVSS 5.4
CVE-2024-2702
HIGH
Olive One Click Demo Import < 1.1.1 - Unauthenticated Missing Authorization leading to XSS
CVSS 8.2
CVE-2024-1844
MEDIUM
RevivePress <= 1.5.6 - Authenticated Unauthorized Data Access/Modification via import_data/copy_data
CVSS 4.3
CVE-2024-1181
MEDIUM
Coming Soon, Under Construction & Maintenance Mode By Dazzler <2.1....
CVSS 5.3
CVE-2024-1119
MEDIUM
Order Tip for WooCommerce <1.3.1 - Info Disclosure
CVSS 5.3
CVE-2024-2538
MEDIUM
Permalink Manager Lite <= 2.4.3.1 - Authenticated Arbitrary Permalink Modification via Missing Capability Check
CVSS 5.4
CVE-2024-1995
MEDIUM
Smart Custom Fields <= 4.2.2 - Authenticated Unauthorized Data Access via relational_posts_search()
CVSS 4.3
CVE-2024-0780
HIGH
WordPress plugin <6.2.2 - Privilege Escalation
CVSS 8.8
CVE-2024-22257
HIGH
Spring Security <5.7.12-<6.1.8 - Privilege Escalation
CVSS 8.2
CVE-2024-1857
MEDIUM
The Ultimate Gift Cards for WooCommerce - Info Disclosure
CVSS 5.3
CVE-2024-1733
MEDIUM
Word Replacer Pro <= 1.0 - Unauthenticated Arbitrary Content Modification via word_replacer_ultra() Function
CVSS 5.3
CVE-2024-23944
MEDIUM
Apache ZooKeeper 3.6.0-3.7.1 and 3.8.0-3.8.3 - Information Disclosure via Persistent Watcher ACL Bypass
CVSS 5.3
CVE-2024-27953
MEDIUM
Cool Plugins Cryptocurrency Widgets - Price Ticker & Coins List < 2.6.8 - Missing Authorization
CVSS 4.7
CVE-2024-1862
HIGH
WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated Arbitrary Site Option Modification
CVSS 8.1
CVE-2024-1843
MEDIUM
Auto Affiliate Links <= 6.4.3 - Authenticated Arbitrary Link Injection via aalAddLink Function
CVSS 4.3
CVE-2024-1763
MEDIUM
Wp Social Login and Register Social Counter <= 3.0.0 - Unauthenticated Data Modification via REST API Endpoint
CVSS 6.5
CVE-2024-1690
MEDIUM
TeraWallet < 1.4.11 - Authenticated Unauthorized Data Access via terawallet_export_user_search
CVSS 4.3
Details
Vulnerabilities
8,392
Exploit Likelihood
High