The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,394 vulnerabilities with CWE-862
CVE-2024-0596
MEDIUM
Awesome Support WordPress Plugin <= 6.1.7 - Authenticated Data Access via editor_html()
CVSS 5.3
CVE-2024-0595
MEDIUM
Awesome Support WordPress Plugin <= 6.1.7 - Unauthorized Data Access
CVSS 4.3
CVE-2024-1122
MEDIUM
Eventin < 3.3.51 - Unauthenticated Data Export via export_data() Function
CVSS 5.3
CVE-2024-24822
MEDIUM
Pimcore <1.3.3 - Privilege Escalation
CVSS 6.5
CVE-2024-1110
MEDIUM
Podlove Podcast Publisher <4.0.11 - Info Disclosure
CVSS 5.3
CVE-2024-1109
MEDIUM
Podlove Podcast Publisher <4.0.11 - Info Disclosure
CVSS 5.3
CVE-2024-1079
MEDIUM
Quiz Maker <= 6.5.2.4 - Unauthenticated Arbitrary Quiz Results Access via ays_show_results()
CVSS 5.3
CVE-2024-1078
MEDIUM
Quiz Maker <= 6.5.2.4 - Authenticated Arbitrary Quiz Creation via Missing Capability Check
CVSS 4.3
CVE-2024-1177
MEDIUM
WP Club Manager < 2.2.10 - Unauthenticated Permalink Structure Modification via Missing Capability Check
CVSS 5.3
CVE-2024-1121
MEDIUM
Advanced Forms for ACF <1.9.3.2 - Info Disclosure
CVSS 5.3
CVE-2024-1092
MEDIUM
RSS Aggregator by Feedzy < 4.4.1 - Authenticated Unauthorized Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-1072
HIGH
Website Builder by SeedProd < 6.15.21 - Unauthenticated Data Modification via seedprod_lite_new_lpage Function
CVSS 8.2
CVE-2024-0869
HIGH
Instant Images - One Click Image Uploads from Unsplash, Openverse, ...
CVSS 8.8
CVE-2024-0835
MEDIUM
Royal Elementor Kit <1.0.116 - Privilege Escalation
CVSS 4.3
CVE-2024-0797
MEDIUM
WooCommerce <1.0.6.1 - Privilege Escalation
CVSS 4.3
CVE-2024-0791
MEDIUM
Pluginus Wolf - Wordpress Posts Bulk Editor And Products Manager Professional < 1.0.8.1 - Missing Authorization
CVSS 4.3
CVE-2024-0372
MEDIUM
Views for WPForms <= 3.2.2 - Authenticated Unauthorized Data Access via get_form_fields
CVSS 4.3
CVE-2024-0371
MEDIUM
Views for WPForms < 3.2.2 - Authenticated Unauthorized Data Modification via create_view Function
CVSS 4.3
CVE-2024-0370
MEDIUM
Views for WPForms < 3.2.2 - Authenticated Unauthorized Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-0324
HIGH
User Profile Builder < 3.10.8 - Unauthenticated Two-Factor Authentication Settings Modification
CVSS 8.2
CVE-2024-1047
MEDIUM
ThemeIsle SDK - Unauthenticated Data Modification via register_reference() Missing Capability Check
CVSS 5.3
CVE-2024-0836
MEDIUM
WordPress Review & Structure Data Schema Plugin - Info Disclosure
CVSS 4.3
CVE-2024-23388
MEDIUM
Mercari < 5.78.0 - Missing Authorization in Custom URL Scheme Handler
CVSS 6.1
CVE-2024-21630
MEDIUM
Zulip Server 1.9.0-6.2 - Missing Authorization for Multi-Use Invitation Stream Access
CVSS 4.3
CVE-2024-0617
MEDIUM
Category Discount Woocommerce <4.12 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities
8,394
Exploit Likelihood
High