The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-51519
MEDIUM
Soliloquy Team Slider <2.7.2 - Info Disclosure
CVSS 4.3
CVE-2023-52199
MEDIUM
Matthias Pfefferle & Automattic ActivityPub <1.0.5 - Info Disclosure
CVSS 6.5
CVE-2023-51498
MEDIUM
WooCommerce Canada Post Shipping <2.8.3 - Info Disclosure
CVSS 5.3
CVE-2023-52183
MEDIUM
WebToffee WordPress Backup & Migration <1.4.3 - Info Disclosure
CVSS 5.4
CVE-2023-52179
MEDIUM
WebCodingPlace Product Expiry for WooCommerce - Info Disclosure
CVSS 5.4
CVE-2023-52217
MEDIUM
WooCommerce Conversion Tracking < 2.0.11 - Missing Authorization
CVSS 4.3
CVE-2023-52186
MEDIUM
WooCommerce Product Vendors <= 2.2.2 - Unauthenticated Missing Authorization
CVSS 5.3
CVE-2023-33922
MEDIUM
Elementor Website Builder <3.13.2 - Info Disclosure
CVSS 4.3
CVE-2023-28775
MEDIUM
Yoast SEO Premium - Info Disclosure
CVSS 5.3
CVE-2023-25799
HIGH
Themeum Tutor LMS <= 2.1.8 - Missing Authorization
CVSS 8.3
CVE-2023-6748
MEDIUM
Custom Field Template <2.6.1 - Info Disclosure
CVSS 4.3
CVE-2023-34003
MEDIUM
WooCommerce Box Office <1.1.51 - Info Disclosure
CVSS 6.5
CVE-2023-31080
HIGH
Unlimited Elements For Elementor <1.5.65 - Info Disclosure
CVSS 8.3
CVE-2023-23640
MEDIUM
MainWP UpdraftPlus Extension <= 4.0.6 - Unauthenticated Arbitrary Plugin Activation
CVSS 5.4
CVE-2023-23639
MEDIUM
MainWP Staging Extension <= 4.0.3 - Unauthenticated Arbitrary Plugin Activation
CVSS 5.4
CVE-2023-52232
MEDIUM
Booster Plus for WooCommerce < 7.1.2 - Authenticated Arbitrary Post/Page Deletion
CVSS 6.5
CVE-2023-52230
MEDIUM
Booster Plus for WooCommerce < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure
CVSS 6.5
CVE-2023-51494
MEDIUM
WooCommerce Product Vendors <2.2.1 - Info Disclosure
CVSS 5.3
CVE-2023-6491
MEDIUM
Strong Testimonials <3.1.12 - Info Disclosure
CVSS 4.3
CVE-2023-6876
MEDIUM
Clever Fox < 25.2.0 - Authenticated Theme Modification via Missing Capability Check
CVSS 5.4
CVE-2023-6966
HIGH
The Moneytizer <= 9.6.3 - Authenticated Improper Access Control in core_ajax.php
CVSS 8.1
CVE-2023-28494
MEDIUM
CodePeople Contact Form Email <1.3.31 - Functionality Misuse
CVSS 4.3
CVE-2023-28492
MEDIUM
CodePeople CP Multi View Event Calendar <1.4.10 - Info Disclosure
CVSS 4.3
CVE-2023-27460
MEDIUM
CP Contact Form with Paypal <= 1.3.34 - Missing Authorization Leading to Feedback Submission
CVSS 4.3
CVE-2023-27437
LOW
Event Espresso <4.10.44 - Auth Bypass
CVSS 3.7
Details
Vulnerabilities
8,401
Exploit Likelihood
High