The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,394 vulnerabilities with CWE-862
CVE-2024-1566
MEDIUM
Redirects <= 1.2.1 - Unauthenticated Arbitrary Redirect Modification via Missing Capability Check
CVSS 6.5
CVE-2024-1516
MEDIUM
WP eCommerce < 3.15.1 - Unauthenticated Arbitrary Post Creation via check_for_saas_push()
CVSS 5.3
CVE-2024-1368
MEDIUM
Page Duplicator < 0.1.1 - Unauthenticated Arbitrary Post and Page Duplication via Missing Capability Check
CVSS 5.3
CVE-2024-1136
MEDIUM
WordPress Coming Soon Page & Maintenance Mode <2.2.1 - Info Disclosure
CVSS 5.3
CVE-2024-0766
MEDIUM
Envo's Elementor Templates & Widgets - Info Disclosure
CVSS 4.3
CVE-2024-1388
MEDIUM
Yuki < 1.3.14 - Authenticated Missing Authorization in reset_customizer_options()
CVSS 4.3
CVE-2024-1653
MEDIUM
Categorify <= 1.0.7.4 - Authenticated Unauthorized Data Modification via categorifyAjaxUpdateFolderPosition
CVSS 4.3
CVE-2024-1652
MEDIUM
Categorify <= 1.0.7.4 - Authenticated Data Modification via categorifyAjaxClearCategory Function
CVSS 4.3
CVE-2024-1650
MEDIUM
Categorify <= 1.0.7.4 - Authenticated Category Renaming via Missing Capability Check
CVSS 4.3
CVE-2024-1649
MEDIUM
Categorify <= 1.0.7.4 - Authenticated Category Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-1687
MEDIUM
Thank You Page Customizer for WooCommerce < 1.1.2 - Authenticated Arbitrary Shortcode Execution
CVSS 5.4
CVE-2024-1686
MEDIUM
Thank You Page Customizer for WooCommerce < 1.1.2 - Authenticated Missing Authorization via apply_layout Function
CVSS 4.3
CVE-2024-1710
HIGH
Addon Library <= 1.3.76 - Authenticated Arbitrary File Upload via Missing Capability Check
CVSS 8.8
CVE-2024-1779
MEDIUM
Admin side data storage for Contact Form 7 <= 1.1.1 - Unauthenticated Data Modification via zt_dcfcf_change_status()
CVSS 5.3
CVE-2024-1778
MEDIUM
Admin side data storage for Contact Form 7 <= 1.1.1 - Unauthenticated Data Modification via zt_dcfcf_change_bookmark()
CVSS 4.3
CVE-2024-1053
MEDIUM
Event Tickets and Registration <= 5.8.1 - Authenticated Unauthorized Data Access via Email Action
CVSS 4.3
CVE-2024-26138
MEDIUM
XWiki Licensor Application < 1.24.2 - Unauthenticated Information Disclosure via LicenseJSON Document
CVSS 5.3
CVE-2024-0593
MEDIUM
Simple Job Board <2.10.8 - Info Disclosure
CVSS 5.3
CVE-2024-1562
MEDIUM
WooCommerce Google Sheet Connector < 1.3.11 - Unauthenticated Plugin Settings Modification
CVSS 5.3
CVE-2024-1108
MEDIUM
WordPress Plugin Groups <2.0.6 - Info Disclosure
CVSS 6.5
CVE-2024-0038
HIGH
Android - Missing Authorization in AccessibilityManagerService Input Event Injection
CVSS 7.8
CVE-2024-0037
LOW
Android - Missing Authorization in SaveUi.java
CVSS 3.3
CVE-2024-25643
MEDIUM
SAP Fiori My Overtime Request 605 - Authenticated Missing Authorization
CVSS 4.3
CVE-2024-24741
MEDIUM
SAP Master Data Governance - Privilege Escalation
CVSS 4.3
CVE-2024-24739
MEDIUM
SAP Bank Account Management - Authenticated Privilege Escalation
CVSS 6.3
Details
Vulnerabilities: 8,394
Exploit Likelihood: High