The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-50944
MEDIUM
Apache Airflow < 2.8.1 - Authenticated Unauthorized DAG Source Code Access
CVSS 6.5
CVE-2023-48339
MEDIUM
Android - Missing Authorization in JPG Driver
CVSS 4.4
CVE-2023-23896
MEDIUM
MyThemeShop URL Shortener <1.0.17 - Info Disclosure
CVSS 5.4
CVE-2023-23882
MEDIUM
Brainstorm Force Ultimate Addons - Lite <1.5.5 - Info Disclosure
CVSS 4.3
CVE-2023-34379
MEDIUM
MagneticOne Cart2Cart: Magento to WooCommerce Migration < 2.0.0 - Missing Authorization
CVSS 5.4
CVE-2023-48926
MEDIUM
PrestaShop <v2.3.4 - Info Disclosure
CVSS 5.3
CVE-2023-34063
CRITICAL
Aria Automation - Privilege Escalation
CVSS 9.9
CVE-2023-6066
MEDIUM
WP Custom Widget area <1.2.5 - Privilege Escalation
CVSS 4.3
CVE-2023-6048
MEDIUM
Estatik Real Estate Plugin WordPress <4.1.1 - Privilege Escalation
CVSS 6.5
CVE-2023-6029
HIGH
EazyDocs < 2.3.6 - Unauthenticated Missing Authorization and CSRF Checks
CVSS 7.5
CVE-2023-5905
HIGH
DeMomentSomTres Export Posts With Images < 20220825 - Missing Authorization for Blog Data Export
CVSS 8.1
CVE-2023-6955
MEDIUM
GitLab < 16.5.6, 16.6 < 16.6.4, 16.7 < 16.7.2 - Missing Authorization in Remote Development Workspace Creation
CVSS 6.6
CVE-2023-40362
MEDIUM
CentralSquare Click2Gov Building Permit - Unauthenticated Arbitrary Contractor Deletion
CVSS 4.3
CVE-2023-6554
MEDIUM
TCExam < 15.1.0 - Unauthenticated Sensitive Information Exposure via Admin Folder
CVSS 6.5
CVE-2023-7019
MEDIUM
LightStart <= 2.6.8 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2023-6875
CRITICAL
WordPress POST SMTP Account Takeover
CVSS 9.8
CVE-2023-6855
MEDIUM
Paid Memberships Pro < 2.12.5 - Unauthenticated Membership Level Modification via Incorrect Capability Check
CVSS 5.3
CVE-2023-6751
HIGH
Hostinger < 1.9.7 - Unauthenticated Plugin Settings Update via publish_website Function
CVSS 7.3
CVE-2023-6742
MEDIUM
Envira Gallery < 1.8.7.1 - Authenticated Unauthorized Data Modification via Improper Capability Check
CVSS 4.3
CVE-2023-6638
MEDIUM
GTG Product Feed for Shopping <1.2.4 - Info Disclosure
CVSS 6.5
CVE-2023-6637
MEDIUM
CAOS | Host Google Analytics Locally <4.7.14 - Info Disclosure
CVSS 6.5
CVE-2023-6598
MEDIUM
SpeedyCache <1.1.3 - Info Disclosure
CVSS 4.3
CVE-2023-6504
MEDIUM
User Profile Builder <3.10.7 - Info Disclosure
CVSS 4.3
CVE-2023-6496
MEDIUM
Manage Notification E-mails <= 1.8.5 - Unauthenticated Missing Authorization via card_famne_export_settings
CVSS 5.3
CVE-2023-6369
MEDIUM
Export WP Page to Static HTML/CSS <2.1.9 - Info Disclosure
CVSS 5.4
Details
Vulnerabilities: 8,401
Exploit Likelihood: High