The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,394 vulnerabilities with CWE-862
CVE-2024-1492
MEDIUM
WPify Woo Czech <= 4.0.8 - Unauthenticated Unauthorized Data Access via maybe_send_to_packeta Function
CVSS 5.3
CVE-2024-1390
MEDIUM
Paid Membership Subscriptions < 2.11.1 - Authenticated Data Modification via creating_pricing_table_page
CVSS 4.3
CVE-2024-1389
MEDIUM
Paid Membership Subscriptions < 2.11.1 - Unauthenticated Stripe Payment Key Modification via Missing Capability Check
CVSS 5.3
CVE-2024-1340
MEDIUM
Login Lockdown - Protect Login Form < 2.09 - Authenticated Unauthorized Data Access via generate_export_file Function
CVSS 5.4
CVE-2024-1337
MEDIUM
SKT Page Builder <= 4.1 - Authenticated Arbitrary Content Injection via saveSktbuilderPageData
CVSS 4.3
CVE-2024-1322
MEDIUM
Directorist < 7.8.5 - Unauthenticated Data Modification via Missing Capability Check
CVSS 5.3
CVE-2024-1318
MEDIUM
RSS Aggregator by Feedzy < 4.4.2 - Authenticated Arbitrary Post Creation via Missing Capability Check
CVSS 6.5
CVE-2024-1288
MEDIUM
Schema & Structured Data for WP & AMP <1.27 - Privilege Escalation
CVSS 4.3
CVE-2024-1218
MEDIUM
Kali Forms <2.3.41 - Privilege Escalation
CVSS 4.3
CVE-2024-1217
HIGH
Kali Forms <2.3.41 - Privilege Escalation
CVSS 7.6
CVE-2024-1133
MEDIUM
Tutor LMS - WordPress <2.6.0 - Info Disclosure
CVSS 4.3
CVE-2024-1130
MEDIUM
NEX-Forms < 8.5.6 - Authenticated Missing Authorization in set_read() Function
CVSS 5.3
CVE-2024-1129
MEDIUM
NEX-Forms < 8.5.6 - Authenticated Missing Authorization in set_starred() Function
CVSS 5.3
CVE-2024-1091
MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-1090
MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Authenticated Data Modification via stopOptimizeAll Function
CVSS 4.3
CVE-2024-1089
MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Authenticated Unauthorized Data Modification via optimizeAllOn Function
CVSS 4.3
CVE-2024-1044
MEDIUM
Customer Reviews for WooCommerce <= 5.38.12 - Unauthenticated Arbitrary Review Submission via Missing Capability Check
CVSS 5.3
CVE-2024-1043
MEDIUM
Ampforwp Accelerated Mobile Pages < 1.0.93.2 - Missing Authorization
CVSS 6.5
CVE-2024-0984
MEDIUM
ImageRecycle <3.1.13 - Info Disclosure
CVSS 4.3
CVE-2024-0983
MEDIUM
ImageRecycle <3.1.13 - Info Disclosure
CVSS 4.3
CVE-2024-0907
MEDIUM
NEX-Forms < 8.5.6 - Authenticated Unauthorized Record Restoration via restore_records()
CVSS 5.3
CVE-2024-0702
HIGH
Oliver POS - WooCommerce Point of Sale <2.4.1.8 - Privilege Escalation
CVSS 7.3
CVE-2024-0516
MEDIUM
Royal Elementor Addons & Templates <1.3.87 - Info Disclosure
CVSS 5.3
CVE-2024-1861
MEDIUM
Anti Hacker Scan <= 4.52 - Authenticated Data Modification
CVSS 4.3
CVE-2024-1860
MEDIUM
Anti Hacker Scan <= 4.51 - Unauthenticated Data Modification
CVSS 6.5
Details
Vulnerabilities
8,394
Exploit Likelihood
High