The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-23823 | MEDIUM | CVSS 4.3 | Clever Widgets Enhanced Text Widget <1.5.8 - RCE
CVE-2023-23814 | LOW | CVSS 3.8 | CodePeople CP Multi View Event Calendar <1.4.13 - Info Disclosure
CVE-2023-23725 | MEDIUM | CVSS 4.3 | Chris Baldelomar Shortcodes <3.46 - Info Disclosure
CVE-2023-23716 | MEDIUM | CVSS 4.3 | Zendesk Support <1.8.4 - Info Disclosure
CVE-2023-23715 | MEDIUM | CVSS 5.2 | JobBoardWP < 1.2.2 - Unauthenticated Job Removal via IDOR
CVE-2023-22708 | MEDIUM | CVSS 4.3 | Kraken.io Image Optimizer <2.6.7 - Info Disclosure
CVE-2023-22701 | HIGH | CVSS 7.5 | Shopfiles Ebook Store <= 5.775 - Missing Authorization
CVE-2023-7294 | HIGH | CVSS 7.1 | Paytium < 4.3.7 - Authenticated Data Modification via create_mollie_profile
CVE-2023-7293 | MEDIUM | CVSS 4.3 | Paytium <= 4.3.7 - Authenticated Unauthorized Data Access
CVE-2023-7292 | MEDIUM | CVSS 4.3 | Paytium: Mollie payment forms & donations < 4.3.7 - Authenticated Notification Dismissal via Missing Capability Check
CVE-2023-7291 | HIGH | CVSS 7.1 | Paytium < 4.3.7 - Authenticated Data Modification via create_mollie_account
CVE-2023-7290 | MEDIUM | CVSS 4.3 | Paytium <= 4.3.7 - Authenticated Unauthorized Data Access via check_for_verified_profiles
CVE-2023-7289 | MEDIUM | CVSS 5.4 | Paytium: Mollie payment forms & donations < 4.3.7 - Authenticated API Key Update via Missing Capability Check
CVE-2023-7288 | MEDIUM | CVSS 5.4 | Paytium < 4.3.7 - Authenticated Data Modification via update_profile_preference
CVE-2023-7287 | MEDIUM | CVSS 5.4 | Paytium: Mollie payment forms & donations < 4.3.7 - Authenticated Subscription Cancellation via Missing Capability Check
CVE-2023-39298 | HIGH | CVSS 7.8 | QNAP QTS and QuTS hero - Missing Authorization
CVE-2023-4730 | MEDIUM | CVSS 5.3 | LadiApp < 4.3 - Unauthenticated Data Modification via init_endpoint()
CVE-2023-4027 | MEDIUM | CVSS 5.3 | Radio Player <2.0.73 - Info Disclosure
CVE-2023-4025 | MEDIUM | CVSS 5.3 | Radio Player <2.0.73 - Info Disclosure
CVE-2023-4024 | MEDIUM | CVSS 5.3 | Radio Player <2.0.73 - Info Disclosure
CVE-2023-7268 | MEDIUM | CVSS 6.5 | ArtPlacer Widget < 2.21.1 - Authenticated Arbitrary Widget Deletion
CVE-2023-51375 | MEDIUM | CVSS 4.3 | WPDeveloper EmbedPress <3.8.3 - Info Disclosure
CVE-2023-3352 | MEDIUM | CVSS 4.3 | Smush Image Optimization < 3.16.4 - Authenticated Unauthorized Deletion of Resmush List via delete_resmush_list()
CVE-2023-3204 | MEDIUM | CVSS 6.5 | Materialis <= 1.1.24 - Authenticated Arbitrary Options Update via companion_disable_popup AJAX Action
CVE-2023-39312 | CRITICAL | CVSS 9.1 | ThemeFusion Avada < 7.11.1 - Authenticated Unrestricted Zip Extraction
Exploit Likelihood: High