The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,411 vulnerabilities with CWE-862
CVE-2020-36840
HIGH
MotoPress plugin <2.3.8 - Auth Bypass
CVSS 7.3
CVE-2020-36837
CRITICAL
ThemeGrill Demo Importer <1.6.1 - Auth Bypass
CVSS 9.9
CVE-2020-36835
MEDIUM
WPvivid Migration, Backup, Staging < 0.9.36 - Authenticated Sensitive Information Disclosure
CVSS 4.9
CVE-2020-36834
MEDIUM
Discount Rules for WooCommerce <2.0.2 - Auth Bypass
CVSS 6.3
CVE-2020-36833
MEDIUM
Indeed Membership Pro <8.6 - Auth Bypass
CVSS 6.3
CVE-2020-36831
MEDIUM
NextScripts: Social Networks Auto-Poster <4.3.17 - Auth Bypass
CVSS 5.0
CVE-2020-36698
HIGH
Security & Malware scan by CleanTalk < 2.51 - Authenticated Unauthorized File Upload and Deletion via AJAX Actions
CVSS 8.8
CVE-2020-23793
HIGH
Redhat VDI <0.14.0-6.el7_6.1.x86_64 - Privilege Escalation
CVSS 8.6
CVE-2020-36730
HIGH
CMP by NiteoThemes <= 3.8.1 - Unauthenticated Authorization Bypass
CVSS 8.3
CVE-2020-36729
MEDIUM
2J-SlideShow Plugin <1.3.31 - Auth Bypass
CVSS 5.4
CVE-2020-36725
HIGH
TI WooCommerce Wishlist/TI WooCommerce Wishlist Pro <1.21.11/1.21.4...
CVSS 8.8
CVE-2020-36721
MEDIUM
WordPress Themes - Plugin Activation/Deactivation
CVSS 6.5
CVE-2020-36720
HIGH
Kali Forms < 2.1.1 - Authenticated Options Change via update_option
CVSS 7.1
CVE-2020-36719
CRITICAL
ListingPro - WordPress Directory & Listing Theme <2.6.1 - Command I...
CVSS 9.8
CVE-2020-36716
HIGH
WP Activity Log <4.0.1 - Auth Bypass
CVSS 7.3
CVE-2020-36715
HIGH
Login/Signup Popup <1.4 - Auth Bypass
CVSS 7.4
CVE-2020-36712
HIGH
Kali Forms <2.1.1 - Unauthenticated RCE
CVSS 8.6
CVE-2020-36702
MEDIUM
Ultimate Addons for Gutenberg <1.14.7 - Auth Bypass
CVSS 5.5
CVE-2020-36699
MEDIUM
Quick Page/Post Redirect Plugin <5.1.9 - Auth Bypass
CVSS 4.3
CVE-2020-36697
HIGH
WP GDPR <= 2.1.1 - Unauthenticated Authorization Bypass via Missing Capability Check
CVSS 7.3
CVE-2020-36696
HIGH
Product Input Fields for WooCommerce <= 1.2.6 - Unauthenticated Authorization Bypass via handle_downloads()
CVSS 7.5
CVE-2020-9009
LOW
ShipStation.com plugin for CS-Cart < 1.1 - Unauthenticated Database Manipulation via shipnotify Endpoint
CVSS 3.7
CVE-2020-36670
MEDIUM
NEX-Forms WordPress <7.7.1 - Info Disclosure
CVSS 6.3
CVE-2020-36667
MEDIUM
JetBackup - WP Backup <1.4.1 - Privilege Escalation
CVSS 5.4
CVE-2020-22007
MEDIUM
OKER G955V1 v1.03.02.20161128 - OS Command Injection via Boot Sequence Interruption
CVSS 6.8
Details
Vulnerabilities
8,411
Exploit Likelihood
High