The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-6883
MEDIUM
Easy Social Feed < 6.5.2 - Authenticated Unauthorized Data Modification via AJAX Functions
CVSS 4.3
CVE-2023-6158
MEDIUM
EventON WordPress Plugin <=4.5.4 (Pro) & <=2.2.7 (Lite) - Unauthenticated Post Metadata Manipulation
CVSS 6.5
CVE-2023-48247
MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated Arbitrary File Read via Crafted HTTP Request
CVSS 5.3
CVE-2023-48245
MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated Arbitrary File Upload
CVSS 6.5
CVE-2023-6383
HIGH
Debug Log Manager <2.3.0 - Info Disclosure
CVSS 7.5
CVE-2023-6798
MEDIUM
RSS Aggregator by Feedzy < 4.3.2 - Authenticated Settings Update via Missing Capability Check
CVSS 5.4
CVE-2023-6733
MEDIUM
WP-Members Membership Plugin <= 3.4.8 - Authenticated Sensitive Information Exposure via wpmem_field Shortcode
CVSS 6.5
CVE-2023-7068
MEDIUM
WooCommerce PDF Invoices & Packing Slips <= 4.3.0 - Authenticated Sensitive Data Exposure
CVSS 4.3
CVE-2023-6600
HIGH
OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <5.7.9 - XSS
CVSS 8.6
CVE-2023-42358
HIGH
O-RAN Software Community ric-plt-e2mgr - Denial of Service via E2Manager API
CVSS 7.7
CVE-2023-4164
HIGH
Android - Unauthenticated Local Information Disclosure of Health Data
CVSS 8.4
CVE-2023-47458
CRITICAL
bladex springblade < 3.7.0 - Missing Authorization
CVSS 9.8
CVE-2023-5877
CRITICAL
affiliate-toolkit < 3.4.3 - Unauthenticated Server-Side Request Forgery via atkp_imagereceiver.php Endpoint
CVSS 9.8
CVE-2023-52275
LOW
Tecno Camon X CA7 Gallery3d - Unauthenticated Hidden Image Exposure via Private Album Directory
CVSS 2.1
CVE-2023-4468
MEDIUM
Poly Trio 8800 Firmware - Missing Authorization in Poly Lens Management Cloud Registration
CVSS 4.3
CVE-2023-22676
LOW
Advanced Custom Fields < 1.4.12 - Missing Authorization
CVSS 3.1
CVE-2023-49230
HIGH
Peplink Balance Two <8.4.0 - Auth Bypass
CVSS 8.8
CVE-2023-49229
MEDIUM
Peplink Balance Two <8.4.0 - Info Disclosure
CVSS 4.3
CVE-2023-49003
MEDIUM
Simple Mobile Tools Simple Dialer <5.18.1 - Auth Bypass
CVSS 5.3
CVE-2023-51650
HIGH
Hertzbeat < 1.4.1 - Unauthenticated Sensitive Information Disclosure via Spring Boot Permission Misconfiguration
CVSS 7.5
CVE-2023-22674
MEDIUM
Hal Gatewood Dashicons + Custom Post Types < 1.0.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25715
MEDIUM
GamiPress < 2.5.6 - Missing Authorization Leading to Points Manipulation
CVSS 5.4
CVE-2023-48751
MEDIUM
Roland Barker, xnau webdesign Participants Database <2.5.5 - CSRF
CVSS 4.3
CVE-2023-47754
MEDIUM
Delete Duplicate Posts < 4.8.9 - Missing Authorization
CVSS 4.3
CVE-2023-46212
MEDIUM
WP EXtra < 6.2 - Missing Authorization and Cross-Site Request Forgery
CVSS 6.3
Details
Vulnerabilities: 8,401
Exploit Likelihood: High