The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,407 vulnerabilities with CWE-862
CVE-2022-22108
MEDIUM
Daybyday CRM <2.2.0 - Info Disclosure
CVSS 4.3
CVE-2022-22107
MEDIUM
Daybyday CRM <2.2.0 - Info Disclosure
CVSS 4.3
CVE-2021-47932
CRITICAL
WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated
CVSS 9.8
CVE-2021-47812
CRITICAL
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write and PHP Execution via Scheduler Endpoint
CVSS 9.8
CVE-2021-47701
HIGH
OpenBMCS 2.4 - Privilege Escalation via User Permissions Update Script
CVSS 8.8
CVE-2021-47662
HIGH
Franka Emika Robot - Denial of Service via Unauthorized Shutdown
CVSS 7.5
CVE-2021-3987
MEDIUM
calibre-web < 0.6.15 - Improper Access Control in Shelf Creation
CVSS 4.3
CVE-2021-4448
HIGH
Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Authorization Bypass via AJAX Actions
CVSS 7.3
CVE-2021-4447
HIGH
Essential Addons for Elementor < 4.6.4 - Privilege Escalation via Registration Form Role Manipulation
CVSS 8.8
CVE-2021-4446
MEDIUM
Essential Addons for Elementor <= 4.6.4 - Authenticated Authorization Bypass via Missing Capability Checks
CVSS 6.3
CVE-2021-4445
MEDIUM
Premium Addons for Elementor < 4.5.1 - Authenticated Arbitrary Option Update via pa_dismiss_admin_notice AJAX Action
CVSS 6.5
CVE-2021-4444
HIGH
Product Filter by WooBeWoo <1.4.9 - Auth Bypass
CVSS 7.3
CVE-2021-35001
MEDIUM
BMC Track-It! - Authenticated Information Disclosure via GetData Endpoint
CVSS 6.5
CVE-2021-39810
HIGH
Android - Missing Authorization in CardEmulationManager
CVSS 7.8
CVE-2021-4353
MEDIUM
WooCommerce Dynamic Pricing & Discounts <2.4.1 - Info Disclosure
CVSS 5.3
CVE-2021-4388
MEDIUM
Opal Estate <= 1.6.11 - Unauthenticated Featured Property Modification via Missing Authorization
CVSS 4.3
CVE-2021-4379
MEDIUM
WooCommerce Multi Currency <2.1.17 - Auth Bypass
CVSS 6.5
CVE-2021-4337
HIGH
Sixteen XforWooCommerce Add-On Plugins - Auth Bypass
CVSS 8.8
CVE-2021-4383
HIGH
WP Quick FrontEnd Editor < 5.5 - Authenticated Page Content Injection via Missing Capability Checks
CVSS 8.1
CVE-2021-4381
CRITICAL
uListing < 1.7 - Unauthenticated Authorization Bypass via wp_route
CVSS 9.8
CVE-2021-4376
MEDIUM
WooCommerce Multi Currency <2.1.17 - Auth Bypass
CVSS 4.3
CVE-2021-4375
MEDIUM
Welcart e-Commerce <2.2.7 - Auth Bypass
CVSS 4.3
CVE-2021-4374
CRITICAL
WordPress Automatic <3.53.2 - Info Disclosure
CVSS 9.1
CVE-2021-4371
MEDIUM
WP Quick FrontEnd Editor <5.5 - Privilege Escalation
CVSS 4.3
CVE-2021-4370
CRITICAL
uListing <= 1.6.6 - Unauthenticated Authorization Bypass via Missing Security Nonces
CVSS 9.8
Details
Vulnerabilities
8,407
Exploit Likelihood
High