Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-5345

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-23 Jun, 2020 | 20:00
Updated At-17 Sep, 2024 | 01:51
Rejected At-
Credits

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:23 Jun, 2020 | 20:00
Updated At:17 Sep, 2024 | 01:51
Rejected At:
▼CVE Numbering Authority (CNA)

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Affected Products
Vendor
Dell Inc.Dell
Product
Unisphere for PowerMax
Versions
Affected
  • From unspecified before 9.1.0.17 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-602CWE-602: Client-Side Enforcement of Server-Side Security
Type: CWE
CWE ID: CWE-602
Description: CWE-602: Client-Side Enforcement of Server-Side Security
Metrics
VersionBase scoreBase severityVector
3.16.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance
x_refsource_MISC
Hyperlink: https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:23 Jun, 2020 | 20:15
Updated At:02 Jul, 2020 | 15:37

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Secondary3.16.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Primary2.05.5MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Type: Primary
Version: 2.0
Base score: 5.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:P
CPE Matches
Dell Inc.
dell
>>emc_unisphere_for_powermax>>Versions before 9.1.0.17(exclusive)
cpe:2.3:a:dell:emc_unisphere_for_powermax:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_unisphere_for_powermax_virtual_appliance>>Versions before 9.1.0.17(exclusive)
cpe:2.3:a:dell:emc_unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powermax_os>>5978
cpe:2.3:o:dell:powermax_os:5978:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE-602Secondarysecurity_alert@emc.com
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-602
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliancesecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

314Records found
CVE-2022-23160
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.78%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-17 Sep, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-21540
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.38% / 58.45%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:55
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-45761
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.65%
||
7 Day CHG-0.01%
Published-09 Dec, 2024 | 16:12
Updated-04 Feb, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.

Action-Not Available
Vendor-Dell Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsopenmanage_server_administratorDell OpenManage Server Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2020-29494
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.96% / 75.59%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5321
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.43% / 61.63%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_enterprise-modularemc_openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36338
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:15
Updated-16 Sep, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxvasasolutions_enabler_virtual_appliancepowermax_ossolutions_enablerunisphere_360Unisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2018-1217
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-23.09% / 95.71%
||
7 Day CHG~0.00%
Published-09 Apr, 2018 | 20:00
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamarAvamar, Integrated Data Protection Appliance
CWE ID-CWE-862
Missing Authorization
CVE-2021-21531
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.14% / 35.41%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxsolutions_enabler_virtual_appliancepowermax_ossolutions_enablerUnisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2021-21544
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:55
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-287
Improper Authentication
CVE-2024-53298
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.84%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 13:51
Updated-11 Jul, 2025 | 12:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-862
Missing Authorization
CVE-2024-49596
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 31.49%
||
7 Day CHG+0.01%
Published-26 Nov, 2024 | 02:56
Updated-04 Feb, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management SuiteWyse Management Suite Repositorywyse_management_suitedell_wyse_management_suite_repository
CWE ID-CWE-862
Missing Authorization
CVE-2024-45760
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.97%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 16:17
Updated-04 Feb, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administrator
CWE ID-CWE-862
Missing Authorization
CVE-2022-31233
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.29%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 20:05
Updated-16 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxvasasolutions_enabler_virtual_applianceevasa_provider_virtual_appliancepowermax_ossolutions_enablerunisphere_360Unisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2020-5362
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_13_2-in-1_7359inspiron_15_7570_firmwarevostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7790_aioinspiron_7591_2_in_1optiplex_5480_aiovostro_3669precision_7820_firmwarevostro_3558_firmwareinspiron_5590_firmwarelatitude_e5550g7_17_7790_firmwareinspiron_14_gaming_7466_firmwareoptiplex_3280_aio_firmwarelatitude_5179inspiron_17_2-in-1_7779latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwareinsprion_5491_aiolatitude_e5270wyse_7040_thin_clientinspiron_15_2-in-1_5578latitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareinspiron_7501precision_5550inspiron_7580_firmwareprecision_7920inspiron_3583precision_7720vostro_5581_firmwarexps_12_9250_firmwarelatitude_3380_firmwareoptiplex_7760_aioprecision_5530_firmwareinsprion_5491_aio_firmwareoptiplex_5040vostro_15_7580inspiron_14_5468inspiron_13_7370_firmwareprecision_tower_3431_small_form_factor_firmwareinspiron_7391_2_in_1_firmwareinspiron_15_3559_firmwareoptiplex_5050latitude_3460_firmwareg5_15_5500_firmwareinspiron_15_2-in-1_7568_firmwareinspiron_15_gaming_7577latitude_3470optiplex_3050_aioinspiron_5400_2_in1precision_3620_towerxps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwareinspiron_5490_aio_firmwarelatitude_3590_firmwareinspiron_5557latitude_7490_firmwarelatitude_7250_firmwareinspiron_14_7460_firmwareinspiron_15_2-in-1_7569precision_5520xps_7390_2-in-1_firmwareinspiron_7490_firmwareoptiplex_7480_aioprecision_5720_aiolatitude_5591xps_15_9570inspiron_14_3459inspiron_3471optiplex_5050_firmwareprecision_7520_firmwarelatitude_5175_firmwarelatitude_5250inspiron_13_7370inspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070optiplex_7460_aio_firmwarevostro_3458_firmwareoptiplex_7071_towerprecision_3430optiplex_3280_aioinspiron_14_7460latitude_7285_firmwarexps_13_9370_firmwarelatitude_3560vostro_3581_firmwarelatitude_7275vostro_3581latitude_9410optiplex_7070latitude_3570optiplex_7080_firmwarelatitude_5420_rugged_firmwarelatitude_5310inspiron_15_5567vostro_5391optiplex_aio_7470_firmwarelatitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarevostro_3660latitude_7390_2-in-1_firmwarechengming_3967inspiron_5457latitude_7480_firmwarelatitude_3350_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370inspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488inspiron_13_2-in-1_7359_firmwarelatitude_7380vostro_14_5468xps_15_9560inspiron_3580_firmwareinspiron_14_gaming_7466inspiron_3781_firmwarelatitude_5550_firmwarevostro_5370_firmwareinspiron_13_2-in-1_7373vostro_3670_firmwareinspiron_15_2-in-1_5568inspiron_15_gaming_7577_firmwareinspiron_13_2-in-1_7378latitude_7214_rugged_extremelatitude_7275_firmwarexps_7380_firmwarelatitude_3310precision_7520latitude_5290_2-in-1vostro_15_3578_firmwarevostro_3660_firmwarewyse_5470_all-in-one_firmwareinspiron_5482precision_7820_towerlatitude_7290optiplex_3240_aiolatitude_7212_rugged_extreme_tablet_firmwareinspiron_17_2-in-1_7773_firmwarelatitude_7480latitude_7210_2_in_1_firmwarevostro_3881inspiron_7391_firmwarewyse_5470_firmwareinspiron_5593latitude_5550inspiron_7580vostro_5390_firmwareinspiron_3668inspiron_5770latitude_3580latitude_7250precision_5820_tower_firmwareinspiron_3668_firmwareinspiron_5559_firmwareinspiron_3493_firmwareinspiron_7590_2_in_1_firmwarevostro_3558vostro_5300latitude_3190_2-in-1_firmwarelatitude_5285inspiron_5480_firmwareinspiron_3590chengming_3967_firmwareoptiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268latitude_7350_firmwareinspiron_15-3552optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwarevostro_3481_firmwarelatitude_5491optiplex_7040inspiron_7386inspiron_5591_2-in-1_firmwareinspiron_11_2-in-1_3158_firmwarelatitude_7280g3_15_3500inspiron_7591_2_in_1_firmwarevostro_3459latitude_5410precision_3541optiplex_7050_firmwareinspiron_7300_2_in_1_firmwareprecision_7730_firmwarelatitude_3379_firmwareprecision_3551inspiron_17_5767precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7350optiplex_7780_aio_firmwarelatitude_7414_rugged_firmwareg7_17_7790optiplex_aio_7770_firmwareoptiplex_5260_aio_firmwarelatitude_7285g7_15_7590inspiron_13_2-in-1_5379_firmwareinspiron_7391vostro_3671_firmwareinspiron_15_2-in-1_5578_firmwareprecision_3440precision_7510_firmwareinspiron_7300_2_in_1optiplex_5250_firmwarelatitude_e5450inspiron_7390_2_in_1_firmwareinspiron_3576inspiron_3671_firmwareinspiron_14_gaming_7467_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareinspiron_5300_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwarevostro_7500inspiron_7590_firmwareinspiron_5491_2_in_1latitude_3460_mobile_thin_clientinspiron_15_3567latitude_7389vostro_3681vostro_3591latitude_3560_firmwareinspiron_5570_firmwareprecision_7920_towervostro_3559_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593inspiron_5370latitude_5250_firmwareoptiplex_7460_aioinspiron_5491_2_in_1_firmwareinspiron_3481_firmwareprecision_5530inspiron_15_gaming_7567inspiron_14_3458_firmwarelatitude_7310_firmwareoptiplex_7440_aiooptiplex_7071_tower_firmwareinspiron_3790_firmwareinspiron_3584_firmwarelatitude_9510latitude_5280_mobile_thin_client_firmwarevostro_3591_firmwareinspiron_3583_firmwareinspiron_5770_firmwareinspiron_7586_firmwareprecision_tower_3431_small_form_factorlatitude_3180_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarexps_8900_firmwarexps_15_9570_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareoptiplex_3240_aio_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwarelatitude_e7450_firmwareprecision_3930_rackprecision_5530_2-in_1vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598latitude_e5550_firmwareg7_15_7590_firmwarexps_13_2-in-1_9365_firmwarelatitude_3480inspiron_15_2-in-1_5579inspiron_5459xps_13_9300_firmwarelatitude_e7450inspiron_14_3468_firmwarelatitude_5280_mobile_thin_clientvostro_3671inspiron_7591inspiron_13_2-in-1_7368_firmwarelatitude_7310inspiron_7500_2_in_1optiplex_5270_aioinspiron_7500latitude_3379vostro_3584_firmwareinspiron_15_2-in-1_7579_firmwareinspiron_5457_firmwarechengming_3990_firmwarelatitude_3390_2-in-1_firmwarelatitude_7414_ruggedvostro_15_5568inspiron_15_5567_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareinspiron_14_5490_firmwareprecision_5530_2-in_1_firmwarevostro_3458optiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwarelatitude_7424_rugged_extremeg5_5090_firmwarelatitude_7390vostro_3491_firmwareg3_15_3590vostro_3480_firmwareprecision_7510inspiron_5490_aioxps_27_aio_7760_firmwarechengming_3991_firmwarevostro_7590_firmwarelatitude_e5250_firmwareprecision_3510_firmwarewyse_5070_thin_client_firmwareinspiron_11_2-in-1_3158inspiron_5759latitude_7389_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_13_2-in-1_7373_firmwareoptiplex_5040_firmwareinspiron_3581inspiron_15_5566_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_7590_2_in_1inspiron_5583inspiron_7500_firmwareinspiron_15_3559inspiron_5591_2-in-1precision_3541_firmwarelatitude_3480_mobile_thin_client_firmwareprecision_7920_firmwareinspiron_15_7572xps_27_aio_7760inspiron_3476_firmwarevostro_3881_firmwarevostro_3490_firmwarelatitude_5511_firmwareoptiplex_7040_firmwareinspiron_5493inspiron_17_2-in-1_7779_firmwareprecision_3550latitude_7370latitude_7370_firmwarexps_7380optiplex_5070_firmwareinspiron_7790_aio_firmwarelatitude_3390_2-in-1latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490inspiron_17_2-in-1_7773inspiron_13_2-in-1_7378_firmwareinspiron_7390_2_in_1vostro_3070_firmwareprecision_5720_aio_firmwarexps_13_2-in-1_9365latitude_3190_2-in-1vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_5310_2_in_1_firmwareinspiron_17_5767_firmwarelatitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwareinspiron_15_gaming_7566inspiron_13_2-in-1_5378latitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarelatitude_3400_firmwarelatitude_3510inspiron_15_3568_firmwareinspiron_5584precision_3520latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5080_firmwareinspiron_14_3459_firmwareinspiron_15_7570latitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwareoptiplex_5060_firmwarevostro_3590vostro_5390latitude_e7250_firmwareinspiron_11_2-in-1_3153vostro_5590_firmwarelatitude_3470_firmwareprecision_7530_firmwareinspiron_3790vostro_3583_firmwareinspiron_15_5566inspiron_15_gaming_7567_firmwarelatitude_3190_firmwareinspiron_5494optiplex_5260_aioinspiron_15_2-in-1_5579_firmwarelatitude_e7270_mobile_thin_clientg3_3779_firmwarexps_13_9300vostro_15_3578latitude_3500_firmwareoptiplex_aio_7770inspiron_13_2-in-1_5379latitude_5285_firmwarelatitude_7210_2_in_1chengming_3991latitude_5288_firmwareinspiron_5559inspiron_7501_firmwareinspiron_5480inspiron_15_2-in-1_7569_firmwareoptiplex_7760_aio_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareprecision_7710_firmwarelatitude_3590inspiron_5400_2_in1_firmwareinspiron_7472_firmwarechengming_3990optiplex_7780_aiovostro_3583latitude_5491_firmwarevostro_5880_firmwareinspiron_3493inspiron_15_7560xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_15_2-in-1_7573_firmwareinspiron_3584inspiron_5482_firmwarelatitude_3410_firmwarevostro_5481wyse_5470_all-in-oneprecision_3530_firmwareinspiron_5583_firmwareinspiron_15_2-in-1_7579latitude_5580_firmwarelatitude_3189vostro_3580inspiron_7472latitude_5175inspiron_14_3467_firmwarevostro_3491inspiron_13_2-in-1_5368vostro_15_3568embedded_box_pc_5000optiplex_7480_aio_firmwareinspiron_15_2-in-1_5568_firmwarexps_7390_2-in-1xps_8900inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_5557_firmwareinspiron_7386_firmwarelatitude_3460_mobile_thin_client_firmwareoptiplex_7080vostro_7500_firmwarelatitude_5480vostro_5471_firmwareinspiron_17_2-in-1_7778_firmwarevostro_3559optiplex_3046g3_15_3500_firmwarelatitude_e7270_mobile_thin_client_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwareinspiron_14_5490inspiron_17_2-in-1_7778inspiron_13_2-in-1_5368_firmwarelatitude_5510vostro_5300_firmwarewyse_5470inspiron_3593_firmwareinspiron_5459_firmwarevostro_3459_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareinspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_5310_2_in_1vostro_15_3568_firmwarelatitude_7410inspiron_3590_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450optiplex_3050_aio_firmwarexps_15_2-in-1_9575_firmwareinspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarevostro_3590_firmwareinspiron_5498optiplex_7440_aio_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarexps_15_7500latitude_5290inspiron_5300latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590latitude_3350vostro_5481_firmwarevostro_5490vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671optiplex_aio_7470inspiron_15_2-in-1_7573inspiron_5582inspiron_5498_firmwareinspiron_13_2-in-1_7368precision_5540vostro_5490_firmwareinspiron_14_3473inspiron_14_3458inspiron_3480optiplex_5270_aio_firmwareinspiron_13_2-in-1_7353latitude_3490latitude_e5450_firmwareprecision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwarelatitude_3300_firmwarevostro_5471precision_3640_towerxps_15_7500_firmwareinspiron_11_2-in-1_3153_firmwareinspiron_5759_firmwareinspiron_7391_2_in_1vostro_5581inspiron_3490latitude_5510_firmwareinspiron_3670_firmwarelatitude_3480_mobile_thin_clientlatitude_7212_rugged_extreme_tabletvostro_15_7570latitude_e5570_firmwareoptiplex_3046_firmwarelatitude_3380inspiron_15_gaming_7566_firmwarelatitude_5289inspiron_5582_firmwarelatitude_3460precision_7820vostro_3471_firmwarelatitude_3410precision_5510_firmwareprecision_3420_towerg5_15_5590wyse_5070_thin_clientinspiron_3881xps_13_9380inspiron_14_gaming_7467precision_3420_tower_firmwareoptiplex_5480_aio_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_5310_firmwarelatitude_3500vostro_3070inspiron_3793inspiron_5481_firmwareprecision_5520_firmwarexps_12_9250chengming_3988inspiron_13_2-in-1_7353_firmwarelatitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareprecision_5540_firmwarevostro_5590inspiron_3268_firmwarexps_15_2-in-1_9575inspiron_13_2-in-1_5378_firmwarevostro_3480inspiron_7500_2_in_1_firmwareg5_15_5500latitude_5450inspiron_15_3568inspiron_5593_firmwareprecision_3630_towerg5_5587latitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedoptiplex_3070optiplex_3040inspiron_15_2-in-1_7568latitude_5450_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwarechengming_3977_firmwareinspiron_15_7560_firmwareinspiron_5391_firmwarelatitude_e5250embedded_box_pc_5000_firmwareoptiplex_7050inspiron_14_3468inspiron_3490_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwarelatitude_7490inspiron_5390latitude_5288optiplex_7060_firmwareg3_3779inspiron_15-3552_firmwareinspiron_14_3473_firmwareoptiplex_5250vostro_3667_firmwarelatitude_e7250precision_7920_tower_firmwarevostro_15_7570_firmwareDell Client Consumer and Commercial platforms
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2019-18581
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-2.20% / 83.76%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 18:20
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idpa_dp8300emc_integrated_data_protection_appliance_firmwareemc_data_protection_advisoremc_idpa_dp5800emc_idpa_dp4400emc_idpa_dp8800Data Protection Advisor
CWE ID-CWE-862
Missing Authorization
CVE-2020-5368
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.25%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_d560f_firmwarevxrail_d560fvxrail_d560vxrail_d560_firmwareVxRail
CWE ID-CWE-862
Missing Authorization
CVE-2025-8796
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.96%
||
7 Day CHG~0.00%
Published-10 Aug, 2025 | 06:02
Updated-13 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LitmusChaos Litmus Delete Request delete_project authorization

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-LitmusChaos
Product-Litmus
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-28004
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 29.15%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 05:51
Updated-28 Jan, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.

Action-Not Available
Vendor-extendthemesExtendThemesextendthemes
Product-colibri_page_builderColibri Page Buildercolibri_page_builder
CWE ID-CWE-862
Missing Authorization
CVE-2024-2538
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.46%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 05:32
Updated-05 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.

Action-Not Available
Vendor-permalink_manager_lite_projectmbispermalink_manager_lite_project
Product-permalink_manager_litePermalink Manager Propermalink_manager_lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-25907
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.87%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:53
Updated-01 Aug, 2024 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability

Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.

Action-Not Available
Vendor-JoomUnited
Product-WP Media folder
CWE ID-CWE-862
Missing Authorization
CVE-2024-25922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.87%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:33
Updated-01 Aug, 2024 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Peach Payments Gateway plugin <= 3.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.

Action-Not Available
Vendor-Peach Payments
Product-Peach Payments Gateway
CWE ID-CWE-862
Missing Authorization
CVE-2023-0713
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.08%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 21:05
Updated-07 Nov, 2023 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

Action-Not Available
Vendor-wickedpluginswickedplugins
Product-wicked_foldersWicked Folders
CWE ID-CWE-862
Missing Authorization
CVE-2023-0720
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.54%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 01:03
Updated-07 Nov, 2023 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

Action-Not Available
Vendor-wickedpluginswickedplugins
Product-wicked_foldersWicked Folders
CWE ID-CWE-862
Missing Authorization
CVE-2023-0405
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 14:32
Updated-21 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

Action-Not Available
Vendor-gptaipowerUnknown
Product-gpt_ai_powerGPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training
CWE ID-CWE-862
Missing Authorization
CVE-2024-24716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:21
Updated-11 Oct, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6.

Action-Not Available
Vendor-getawesomesupportAwesome Support Team
Product-awesome_supportAwesome Support
CWE ID-CWE-862
Missing Authorization
CVE-2024-24704
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:25
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.

Action-Not Available
Vendor-AddonMaster (Akhtarujjaman Shuvo)
Product-load_more_anythingLoad More Anything
CWE ID-CWE-862
Missing Authorization
CVE-2022-45851
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.48%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:30
Updated-03 Aug, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.

Action-Not Available
Vendor-ShareThis
Product-ShareThis Dashboard for Google Analytics
CWE ID-CWE-862
Missing Authorization
CVE-2024-21748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.97%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 16:14
Updated-01 Aug, 2024 | 22:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

Action-Not Available
Vendor-icegramIcegram
Product-icegram_expressIcegram
CWE ID-CWE-862
Missing Authorization
CVE-2025-54037
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.28%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4.

Action-Not Available
Vendor-blazethemes
Product-News Kit Elementor Addons
CWE ID-CWE-862
Missing Authorization
CVE-2024-20477
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.44%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 16:55
Updated-08 Oct, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboard_fabric_controllernexus_dashboardCisco Data Center Network Manager
CWE ID-CWE-862
Missing Authorization
CVE-2022-45352
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.15%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:21
Updated-31 Jan, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

Action-Not Available
Vendor-Muffin Group
Product-bethemeBetheme
CWE ID-CWE-862
Missing Authorization
CVE-2022-45811
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.28%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:08
Updated-03 Jan, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.

Action-Not Available
Vendor-WeyHan Ng
Product-Post Teaser
CWE ID-CWE-862
Missing Authorization
CVE-2024-1502
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 23:33
Updated-15 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-862
Missing Authorization
CVE-2025-54695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.79%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.

Action-Not Available
Vendor-HasTech
Product-HT Mega
CWE ID-CWE-862
Missing Authorization
CVE-2025-54717
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.79%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3.

Action-Not Available
Vendor-e-plugins
Product-WP Membership
CWE ID-CWE-862
Missing Authorization
CVE-2025-50009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.28%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3.

Action-Not Available
Vendor-Climax Themes
Product-Kata Plus
CWE ID-CWE-862
Missing Authorization
CVE-2024-13541
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.33%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 03:21
Updated-25 Feb, 2025 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-adirectoryadirectory
Product-adirectoryaDirectory – WordPress Directory Listing Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2021-36909
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-1.21% / 78.12%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 14:41
Updated-28 Mar, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability

Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.

Action-Not Available
Vendor-webfactoryltdWebFactory Ltd.
Product-wp_reset_proWP Reset PRO
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2022-45351
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.48%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:19
Updated-31 Jan, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

Action-Not Available
Vendor-Muffin Group
Product-bethemeBetheme
CWE ID-CWE-862
Missing Authorization
CVE-2025-50008
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.28%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in cscode WooCommerce Manager &#8211; Customize and Control Cart page, Add to Cart button, Checkout fields easily allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Manager &#8211; Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through 1.2.4.5.

Action-Not Available
Vendor-cscode
Product-WooCommerce Manager &#8211; Customize and Control Cart page, Add to Cart button, Checkout fields easily
CWE ID-CWE-862
Missing Authorization
CVE-2025-49998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.28%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5.

Action-Not Available
Vendor-Wetail
Product-WooCommerce Fortnox Integration
CWE ID-CWE-862
Missing Authorization
CVE-2025-48246
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:44
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Events Calendar <= 6.11.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1.

Action-Not Available
Vendor-The Events Calendar
Product-The Events Calendar
CWE ID-CWE-862
Missing Authorization
CVE-2025-47602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Calculate Prices based on Distance For WooCommerce <= 1.3.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through 1.3.5.

Action-Not Available
Vendor-ammarahmad786
Product-Calculate Prices based on Distance For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-48335
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 11:38
Updated-06 Jun, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Plus plugin <= 3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.

Action-Not Available
Vendor-CyberChimps Inc.
Product-Responsive Plus
CWE ID-CWE-862
Missing Authorization
CVE-2025-47612
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.22%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-23 May, 2025 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ClickWhale <= 2.4.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6.

Action-Not Available
Vendor-flowdeeflowdee
Product-clickwhaleClickWhale
CWE ID-CWE-862
Missing Authorization
CVE-2023-7287
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-17 Oct, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin.

Action-Not Available
Vendor-paytiumpaytiumsupport
Product-paytiumPaytium: Mollie payment forms & donations
CWE ID-CWE-862
Missing Authorization
CVE-2025-47480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Graphina <= 3.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Iqonic Design Graphina allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Graphina: from n/a through 3.0.4.

Action-Not Available
Vendor-Iqonic Design
Product-Graphina
CWE ID-CWE-862
Missing Authorization
CVE-2023-7288
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 25.52%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-17 Oct, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings.

Action-Not Available
Vendor-paytiumpaytiumsupport
Product-paytiumPaytium: Mollie payment forms & donations
CWE ID-CWE-862
Missing Authorization
CVE-2023-7289
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 25.52%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-17 Oct, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys.

Action-Not Available
Vendor-paytiumpaytiumsupport
Product-paytiumPaytium: Mollie payment forms & donations
CWE ID-CWE-862
Missing Authorization
CVE-2023-6876
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.23%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 02:02
Updated-29 Oct, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clever Fox – One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme

The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.

Action-Not Available
Vendor-nayrathemesnayrathemes
Product-clever_foxClever Fox
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found