The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,392 vulnerabilities with CWE-862
CVE-2024-1380
MEDIUM
Relevanssi < 4.22.1 and Relevanssi Premium < 2.25.0 - Unauthenticated Query Log Data Export
CVSS 5.3
CVE-2024-1370
MEDIUM
Maintenance Page <= 1.0.8 - Authenticated Unauthorized Data Access via subscribe_download AJAX Action
CVSS 5.3
CVE-2024-1176
MEDIUM
HT Easy GA4 - Google Analytics WordPress Plugin <= 1.1.5 - Unauthenticated Data Modification via login() Function
CVSS 5.3
CVE-2024-1158
MEDIUM
WordPress BuddyForms <2.8.7 - Info Disclosure
CVSS 4.3
CVE-2024-1127
MEDIUM
EventPrime - Events Calendar - Info Disclosure
CVSS 4.3
CVE-2024-1126
MEDIUM
EventPrime - Events Calendar - Info Disclosure
CVSS 4.3
CVE-2024-0829
MEDIUM
Comments Extra Fields For Post,Pages and CPT <5.0 - Auth Bypass
CVSS 4.3
CVE-2024-0828
MEDIUM
Play.ht - WordPress <3.6.4 - Privilege Escalation
CVSS 5.4
CVE-2024-0683
HIGH
Bulgarisation for WooCommerce <3.0.14 - Auth Bypass
CVSS 7.3
CVE-2024-0447
MEDIUM
ArtiBot Free Chat Bot - Info Disclosure
CVSS 5.0
CVE-2024-0385
MEDIUM
Categorify <= 1.0.7.4 - Authenticated Unauthorized Data Modification via categorifyAjaxAddCategory
CVSS 4.3
CVE-2024-0377
MEDIUM
LifterLMS < 7.5.1 - Unauthenticated Unrestricted Review Publication via Missing Capability Check
CVSS 5.3
CVE-2024-0369
MEDIUM
Bulk Edit Post Titles < 5.0.0 - Authenticated Arbitrary Post Title Modification via Missing Capability Check
CVSS 4.3
CVE-2024-2395
HIGH
Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 7.3
CVE-2024-2107
MEDIUM
Blossom Spa Theme <1.3.4 - Info Disclosure
CVSS 5.8
CVE-2024-1137
MEDIUM
TIBCO ActiveSpaces - Enterprise Edition <4.9.0 - Info Disclosure
CVSS 4.3
CVE-2024-1328
MEDIUM
Newsletter2Go < 4.0.14 - Authenticated Stored Cross-Site Scripting via Style Parameter
CVSS 6.4
CVE-2024-27900
MEDIUM
SAP ABAP Platform <795 - Privilege Escalation
CVSS 4.3
CVE-2024-1645
MEDIUM
Mollie Forms <2.6.3 - Info Disclosure
CVSS 4.3
CVE-2024-1400
MEDIUM
Mollie Forms <2.6.3 - Privilege Escalation
CVSS 4.3
CVE-2024-0052
LOW
Android - Local Information Disclosure via Missing Permission Check in HealthConnect
CVSS 3.3
CVE-2024-1870
MEDIUM
Colibri Page Builder <= 1.0.260 - Authenticated License Key Modification via callActivateLicenseEndpoint
CVSS 4.3
CVE-2024-1125
MEDIUM
EventPrime - Events Calendar - Info Disclosure
CVSS 5.4
CVE-2024-1124
MEDIUM
EventPrime - Events Calendar - Auth Bypass
CVSS 4.3
CVE-2024-1123
MEDIUM
EventPrime - Events Calendar - Info Disclosure
CVSS 6.5
Details
Vulnerabilities
8,392
Exploit Likelihood
High