Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-0178

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-13 Jan, 2022 | 22:25
Updated At-02 Aug, 2024 | 23:18
Rejected At-
Credits

Missing Authorization in snipe/snipe-it

Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:13 Jan, 2022 | 22:25
Updated At:02 Aug, 2024 | 23:18
Rejected At:
▼CVE Numbering Authority (CNA)
Missing Authorization in snipe/snipe-it

Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.

Affected Products
Vendor
snipe
Product
snipe/snipe-it
Default Status
unaffected
Versions
Affected
  • From unspecified before 5.3.8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368
x_refsource_CONFIRM
https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
x_refsource_MISC
Hyperlink: https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368
x_refsource_CONFIRM
x_transferred
https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
x_refsource_MISC
x_transferred
Hyperlink: https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:13 Jan, 2022 | 23:15
Updated At:02 Aug, 2023 | 09:15

Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary2.05.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 5.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N
CPE Matches
snipeitapp
snipeitapp
>>snipe-it>>Versions before 5.3.8(exclusive)
cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@huntr.dev
CWE-862Secondarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: security@huntr.dev
CWE ID: CWE-862
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0security@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368security@huntr.dev
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368
Source: security@huntr.dev
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

201Records found
CVE-2023-41046
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.82%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 19:59
Updated-30 Sep, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Velocity execution without script rights in Xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set the `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for "VelocityCode", this behavior is most likely very old but only since XWiki 7.2, script right is a separate right, before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-862
Missing Authorization
CVE-2023-40625
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.80%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 02:00
Updated-25 Sep, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP Manage Purchase Contracts App

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.

Action-Not Available
Vendor-SAP SE
Product-s4coreSAP Manage Purchase Contracts App
CWE ID-CWE-862
Missing Authorization
CVE-2024-10003
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.33% / 55.56%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 04:31
Updated-25 Oct, 2024 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options.

Action-Not Available
Vendor-roveridxstevemullen
Product-rover_idxRover IDX
CWE ID-CWE-862
Missing Authorization
CVE-2023-4106
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.66%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 06:12
Updated-01 Oct, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A guest user can perform various actions on public playbooks

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermostMattermost
CWE ID-CWE-862
Missing Authorization
CVE-2024-10078
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.29% / 51.87%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 07:35
Updated-22 Oct, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.

Action-Not Available
Vendor-newsignaturechertzwp_easy_post_types_project
Product-wp_easy_post_typesWP Easy Post Typeswp_easy_post_types
CWE ID-CWE-862
Missing Authorization
CVE-2023-6369
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.

Action-Not Available
Vendor-myrecorprecorp
Product-export_wp_page_to_static_html\/cssExport WP Page to Static HTML/CSS
CWE ID-CWE-862
Missing Authorization
CVE-2020-6301
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.76%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:50
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.

Action-Not Available
Vendor-SAP SE
Product-hcm_travel_managementSAP ERP (HCM Travel Management)
CWE ID-CWE-862
Missing Authorization
CVE-2023-52217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:26
Updated-02 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-woocommerce_conversion_trackingWooCommerce Conversion Trackingwoocommerce_conversion_tracking
CWE ID-CWE-862
Missing Authorization
CVE-2023-52177
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 32.14%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:42
Updated-01 Nov, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.

Action-Not Available
Vendor-softlabdbSoftLab
Product-integrate_google_driveIntegrate Google Drive
CWE ID-CWE-862
Missing Authorization
CVE-2023-3999
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 1.88%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 05:33
Updated-05 Feb, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.

Action-Not Available
Vendor-pluginpluginbuilders
Product-waitingWaiting: One-click countdowns
CWE ID-CWE-862
Missing Authorization
CVE-2023-37963
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 27.13%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:53
Updated-06 Nov, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-benchmark_evaluatorJenkins Benchmark Evaluator Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-48222
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.24% / 46.21%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 21:59
Updated-29 Aug, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated users can view or delete jobs they do not have authorization for in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-pagerdutyrundeck
Product-rundeckrundeck
CWE ID-CWE-862
Missing Authorization
CVE-2023-35164
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 19.26%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:17
Updated-06 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized users can manipulate a dashboard created by an administrator in DataEase

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataeasedataease
CWE ID-CWE-862
Missing Authorization
CVE-2023-33970
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 41.76%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 19:54
Updated-08 Jan, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing access control in internal task links feature in Kanboard

Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-kanboardkanboard
Product-kanboardkanboard
CWE ID-CWE-862
Missing Authorization
CVE-2023-51680
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:46
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.

Action-Not Available
Vendor-technovamaTechnoVama
Product-quotes_for_woocommerceQuotes for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-32094
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.80%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:30
Updated-09 Dec, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extended Post Status plugin <= 1.0.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through 1.0.19.

Action-Not Available
Vendor-Felix Welberg
Product-Extended Post Status
CWE ID-CWE-862
Missing Authorization
CVE-2024-7621
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.20%
||
7 Day CHG~0.00%
Published-10 Aug, 2024 | 02:01
Updated-12 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin's settings.

Action-Not Available
Vendor-wpfeedbackwpfeedback
Product-Visual Website Collaboration, Feedback & Project Management – Atarimvisual_website_collaboration
CWE ID-CWE-862
Missing Authorization
CVE-2023-32240
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.06%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:05
Updated-03 Jan, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.

Action-Not Available
Vendor-XTemos Studio
Product-WoodMart
CWE ID-CWE-862
Missing Authorization
CVE-2025-8807
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.03%
||
7 Day CHG~0.00%
Published-10 Aug, 2025 | 11:32
Updated-12 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xujeff tianti 天梯 save authorization

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-xujeff
Product-tianti 天梯
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-31214
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.53%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:30
Updated-09 Dec, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through 2.0.

Action-Not Available
Vendor-Arul Prasad J
Product-WP Quick Post Duplicator
CWE ID-CWE-862
Missing Authorization
CVE-2024-6392
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 21:31
Updated-15 Aug, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.

Action-Not Available
Vendor-sirvsirv
Product-sirvImage Optimizer, Resizer and CDN – Sirv
CWE ID-CWE-862
Missing Authorization
CVE-2024-37929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.61%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-04 Nov, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.

Action-Not Available
Vendor-solwin
Product-User Activity Log Pro
CWE ID-CWE-862
Missing Authorization
CVE-2023-29237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.78%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Remove Duplicate Posts plugin <= 1.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Remove Duplicate Posts: from n/a through 1.3.5.

Action-Not Available
Vendor-Muhammad Rehman
Product-Remove Duplicate Posts
CWE ID-CWE-862
Missing Authorization
CVE-2023-2945
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.82%
||
7 Day CHG+0.04%
Published-27 May, 2023 | 00:00
Updated-14 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in openemr/openemr

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

Action-Not Available
Vendor-OpenEMR Foundation, Inc
Product-openemropenemr/openemr
CWE ID-CWE-862
Missing Authorization
CVE-2019-0386
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 48.30%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 22:18
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-s4hana_saleserp_salesS4HANA Sales (S4CORE)SAP ERP Sales (SAP_APPL)
CWE ID-CWE-862
Missing Authorization
CVE-2024-56225
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.68%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:23
Updated-31 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56.

Action-Not Available
Vendor-Leap13
Product-Premium Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2021-40884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.26% / 48.95%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 10:46
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.

Action-Not Available
Vendor-projectsendn/a
Product-projectsendn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-56217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.45%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:21
Updated-21 Mar, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability

Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.

Action-Not Available
Vendor-W3 Eden, Inc.
Product-download_managerDownload Manager
CWE ID-CWE-862
Missing Authorization
CVE-2020-6298
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.3||HIGH
EPSS-0.24% / 47.67%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:41
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check.

Action-Not Available
Vendor-SAP SE
Product-generic_market_dataSAP Banking Services (Generic Market Data)
CWE ID-CWE-862
Missing Authorization
CVE-2023-28417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.80%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.

Action-Not Available
Vendor-AlexaCRM
Product-Dynamics 365 Integration
CWE ID-CWE-862
Missing Authorization
CVE-2025-5692
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.40%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 02:03
Updated-27 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform several actions like updating settings. Initially this CVE was assigned specifically to all AJAX actions and the doFieldAjaxAction() function, however it was determined that CVE-2025-47690 is assigned to the doFieldAjaxAction() function that leads to arbitrary options updates.

Action-Not Available
Vendor-smackcoderssmackcoders
Product-lead_form_data_collection_to_crmLead Form Data Collection to CRM
CWE ID-CWE-862
Missing Authorization
CVE-2023-27449
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.78%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Total Poll Lite plugin <= 4.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6.

Action-Not Available
Vendor-TotalSuite
Product-Total Poll Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-34826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 25.55%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:07
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through 1.6.4.

Action-Not Available
Vendor-Tobias Conrad
Product-Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler
CWE ID-CWE-862
Missing Authorization
CVE-2021-40501
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.1||HIGH
EPSS-0.18% / 40.12%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 15:22
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

Action-Not Available
Vendor-SAP SE
Product-abap_platform_kernelSAP ABAP Platform Kernel
CWE ID-CWE-862
Missing Authorization
CVE-2023-22836
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-3.5||LOW
EPSS-0.06% / 17.32%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 18:50
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

Action-Not Available
Vendor-guardiansoftPalantir
Product-guardiancom.palantir.skywise:guardian
CWE ID-CWE-862
Missing Authorization
CVE-2023-23640
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.17%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:15
Updated-05 Oct, 2024 | 02:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.

Action-Not Available
Vendor-mainwpMainWPmainwp
Product-updraftplus_extensionMainWP UpdraftPlus Extensionmainwp_updraftplus_extension
CWE ID-CWE-862
Missing Authorization
CVE-2023-23639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.17%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:13
Updated-09 Oct, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.

Action-Not Available
Vendor-mainwpMainWP
Product-staging_extensionMainWP Staging Extension
CWE ID-CWE-862
Missing Authorization
CVE-2023-23611
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.68%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 05:39
Updated-10 Mar, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. An LTI tool submits scores to the edX platform for line items. The code that uploads that score to the LMS grade tables determines which XBlock to upload the grades for by reading the resource_link_id field of the associated line item. The LTI tool may submit any value for the resource_link_id field, allowing a malicious LTI tool to submit scores for any LTI XBlock on the platform. The impact is a loss of integrity for LTI XBlock grades. This issue is patched in 7.2.2. No workarounds exist.

Action-Not Available
Vendor-openedxopenedx
Product-xblock-lti-consumerxblock-lti-consumer
CWE ID-CWE-862
Missing Authorization
CVE-2023-22488
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 10.58%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 19:24
Updated-10 Mar, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing authorization in Flarum

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.

Action-Not Available
Vendor-flarumflarum
Product-flarumframework
CWE ID-CWE-862
Missing Authorization
CVE-2018-20501
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.47%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 21:24
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-22699
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.92%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:32
Updated-02 Aug, 2024 | 10:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.

Action-Not Available
Vendor-MainWP
Product-MainWP Wordfence Extension
CWE ID-CWE-862
Missing Authorization
CVE-2024-54323
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPExpertsio New User Approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through 2.6.2.

Action-Not Available
Vendor-WPExpertsio
Product-New User Approve
CWE ID-CWE-862
Missing Authorization
CVE-2024-31281
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 55.69%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:54
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6.

Action-Not Available
Vendor-Andy Moyle
Product-Church Admin
CWE ID-CWE-862
Missing Authorization
CVE-2018-2419
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-3.7||LOW
EPSS-0.18% / 40.16%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 20:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-sapscores4coreea-finservSAP Enterprise Financial Services (S4CORE)SAP Enterprise Financial Services (SAPSCORE)SAP Enterprise Financial Services (EA-FINSERV)
CWE ID-CWE-862
Missing Authorization
CVE-2020-36833
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.77%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-16 Oct, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks

The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.

Action-Not Available
Vendor-wpindeed
Product-Indeed Membership Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-27970
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.98%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 15:25
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.

Action-Not Available
Vendor-BogdanFix
Product-WP SendFox
CWE ID-CWE-862
Missing Authorization
CVE-2022-4974
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.11%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-16 Oct, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Action-Not Available
Vendor-wpscriptskokomowebstylingwebbenrenaudbodedgegallerypluginwpcohortpippozanardopagebuildersandwichsmusman98muhammad-rehmansslzentauhidprofastaf/jetixwpdanielealessandrapagupthemeseidvizheniawpconedevbavokoservicesjanthielemannskshaikatwpt00lsmarviorochabouncingsproutmberdingcliffpaulickbfintalcodeiesmilukovemdedevsamuelsilvaptstarfishwptonyzeoliw3scloudpootlepress/fullworkswpbitslinekalcodexonicsdanish-alilostboy7benmoreassyntwpvibesdaniyalahmedkolezhyk5webmuehledarellxjohnyklukeseagerthemestystreamweaselswphrmanagerzerozendesignivanchernyakov9brada6tobias_conrad/bestpluginswordpressbadhonrockspootlepressmatthias-reutertribalnerdalanfullerthemeythemeswp-makingtycoon12344iksstudiorankbearspartacscrollsequencemajicklkoudalankitmaruwptbtobias_conradjosevegadangub86moomooagencytheafricanboss/attestimtiazrayhanmaciejbak85cebbipaulio21ahmed17galoovercommercepunditwebheadllceedeeivan_paulinkitforesttickerakhothemeschetmacmodulemasterstprintyedisonaveclosemarketing/gowebsmartymarcqueraltchillichalliwhiteshadowsalttechnowptravelenginepmbaldha/sslatlasdrosendobradvinalphabposerviceatakanozlitonice13unitecmskairashabticleverpluginssjavedrichard-bgloriousthemespowerfulwpstevehentyjkohlbachmohammedrezqpeterschulznlprinceahmedkitthemesmunirkamalandyabelowsamdanidiviframeworkcreativethemeshqversacompgfiremdudokrspsj_oaharonyanmvvapps/davidandersonoceanwppassionatebrainscodesavoryxplodedthemeslivemeshsindyakinsergeimattpramschuferswitcorpwpdeliciousdgwyergiladtakoniclickervoltwpschoolcalendarprotectyouruploadsjburleigh1rafalosinskijohnc1979anfrageformularclosemarketingcypressnorthequalizedigitalalleythemeswoodyhaydayoceasrebelcodepopeatingaguilerasoftelliotvsdam6plekanathmilmorsonalsinha21dipcodeshelob9svenl77jurskicloudspongemaltathemesjwebsolpluginandplaywpcohort/pluginswarewgaugenpluginswppluginexpertsupfivdamian-goramelapresscodeatlanticwpeventpartners/wpexpertsioirkanuavidthemes/theafricanbossslidedeckweconnectcodeappexpertsioblocksparewiserstepssakurapixelinterfacelabmeowcrewmajick/ethereumicoioskymindsjavmahnicheaddonsalex-yerisethemeblockypagedjenhwpsoulfoxmoonmnelson4ggriesserwoopopsgallerycreatormumarym1985collizo4skysovstackthinleekpremmercewalkerwpsyntacticsgkher/wpgeniuzwpmagicssvovafwebtechstreetpatrickposnerggeddetranzlywpmunichtripettotakanakuiessekiaglowlogixmikebelsintoxstudiomojofywpwpdevpowersnasirahmedoloyede-jamiuthecodechimedreamfoxkylegilmanmantrabraininfosatechmhmrajibhiddenpearlsultimateblocksplugins360thijzienitin247infornwebtoddhalfpennymbrown24cloudlivingkkikuchi1220zeethemelimbcodeultradevsproteusthemesfsruslanpmbaldhaalexmossldninjas/vincoitactuaryzaskbilaltasdovypcmbibby/surbmakaizencodersdejanmarkovicmulticollabmohsinofflinesebetwpeka-clubalekvstevejburgepatrickgarmanjanwylcyberhoboarabianmidoivacykaggdesignroyalnavneetmcurlyusmanaliqureshijaydeep-nimavatbpluginsvinod-dalviseezeepenguininitiativesbeeneebmeepluginswupoxyulexbrandonfiredotsshawoninfoboriscolombier/paretodigitalvanyukovblockmeisterkartikparmar/ejslondon/maurolopes/kartechifyuriahs-victorronena100tropicalistagetsparrowcarlosmoreiraptvernaljcodexbycrikmte90halmatdeothemeswordpresschefdivisumofrostbourninvisnetprasadkirpekarninjalibsseancarricoannastaajwindshamim51staxwpmikewire_rocksolidmaxsdesignkartikparmarmihail-barinovibenicsebet/boltonstudiosmatstarstherealwebdisruptsmartwpressthemelocationkenanfallongreenjaymediacromer12bandidoelementinvaderwpchill5starpluginsmilukove/cadudecastroalvesh3technologieslynn999webba-agencymasterblockswordplussangaranco2okpasyukfrenifydotrexprelcsetkahqthemejamesparkninjaflexithemesdaigo75anssilaitilawpmoosebuttonizeranasbinmukimlistplussmgteamakdevsblackandwhitedigitalsnazzythemeswpengineelbisneroinputwphumblethemeswpdeverrafacarvalhidojack-kitterhingwpjolivohotv/Royal Elementor AddonsBdThemesThe Events Calendar (StellarWP)Themeisle
Product-Panorama Viewer- Best Plugin to Display Panoramic Images/VideosWooCommerce Variation Swatches for ProductsEasy Post Views CountWoocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone AnalyzerOcean ExtraCodeKit – Custom Codes EditorForm Vibes – Database Manager for FormsGFireM Advance SearchSTEWoo – Super Transactional Emails for WooCommerceBlockMeister – Block Pattern BuilderWordPress Directory Plugin For Business Listings – WP Local PlusAirpressWP Sessions Time Monitoring Full AutomaticEmails Blacklist for Everest FormsSmart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – ButtonizerExpire tagsXT Ajax Add To Cart for WooCommerceBefore and After Product Images for WooCommerceVillarWP Search FilterFunnelmentalsFrontend group restriction for LearnDashSEO BoosterTeam Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MorePro Broken Links MaintainerPremmerce Product Filter for WooCommerceDancePress (TRWA)Walker CoreBAVOKO SEO Tools – All-in-One WordPress SEOWP Security Safejav&#039;s – WooCommerce and Trello integration WooTrelloWP School CalendarBooking Addon for WooCommerceStation ProProduct Carousel For WooCommerce – WoorouSellCartPops – High Converting Add To Cart Popup For WooCommerceGiveaways for woocommerceBuddyPress WooCommerce My Account Integration. Create WooCommerce Member PagesGreenshift – animation and page builder blocksAtlas – Knowledge BaseWP GratifyBetter Messages – Integration for WC Vendors MarketplaceBlocksy CompanionQyrr – simply and modern QR-Code creationannasta Woocommerce Product FiltersWP Tools Gravity Forms Divi ModuleTablesome – Form DB & Automation – WPForms, Contact Form 7, Elementor, Forminator, Fluent, GravityClimateClick: Climate Action for allA no-code page builder for beautiful performance-based contentArendelleMarket ExporterConnected SermonsLightbox & Modal Popup WordPress Plugin – FooBoxStarfish Review Generation & Marketing for WordPressWooCommerce Disable Payment Methods based on cart conditionsSticky add to cart for WooPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderSecurity Ninja – Secure Firewall & Secure Malware ScannerPopOverXYZ – Show Light Weight Beautiful Tool Tips On Any TextEasy Age VerifyNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarPremmerce Variation Swatches for WooCommerceProduct Size Charts Plugin for WooCommercePost Carousel DiviAge Verification Screen for WooCommerceSuper Video Player- Best WordPress Video Display Plugin for mp4/OGGSimple Giveaways – Grow your business, email lists and traffic with contestsHQTheme ExtraGlossaryAutomizy Gravity FormsExtend Filter Products By Price WidgetOrder and Inventory Manager for WooCommerceAdvanced Database ReplacerStore Toolkit – WooCommerce Extensions, Quick Enhancements & Handy ToolsLivemesh Addons for Beaver BuilderAbeta Link PunchOutMaster Blocks – Gutenberg Site BuilderPremmerce Permalink Manager for WooCommerceShipping Method Display Style for WooCommerceSpanish Market Enhancements for WooCommerceFeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.Restaurant & Cafe Addon for ElementorPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)WordPress Slider Block GutensliderWP Lead StreamAquarella LiteReally Simple Featured Video – Featured video support for Posts, Pages & WooCommerce ProductsVidSEO | WordPress Video SEO embedder with transcripts (Youtube & Vimeo)WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…Multi Page Auto Advance for Gravity FormsTreePress – Easy Family Trees & Ancestor ProfilesCookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)3D Viewer – 3D Model Viewer PluginPurusDisplay Eventbrite EventsMedia Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and moreAPPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android AppsWP Event Partners – WordPress Plugin for Event and Conference ManagementFloating Social Share Icons and Social Share buttons – Next Previous Post Links – FLPortfolio for Elementor & Image Gallery | PowerFolioWidgets for WooCommerce Products on ElementorStoreCustomizer – A plugin to Customize all WooCommerce PagesEmail Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)Custom WooCommerce Checkout Fields EditorEqualize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility ErrorsSalon Booking SystemWooCommerce EU VAT AssistantThe Events CalendarBulk Attachment DownloadListPlus – Unlimited Listing DirectoryMenu Item SchedulerWP Photo EffectsWordPress Reviews by ReviewPressAuto SEO META keywords (META tags keywords) optimization + WooCommerceJoli Table Of ContentsOne Click LoginEmail Header FooterBulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)Woocommerce Customers Order HistoryImage Photo Gallery Final Tiles GridNitek Carousel Slider Cool TransitionsEasy Zillow ReviewsStreamCast – Radio Player for WordPressXT Variation Swatches for WooCommerceMenu Image, Icons made easyCryptocurrency Portfolio TrackerWS BootstrapWP Mobile Menu – The Mobile-Friendly Responsive MenuFast Checkout for WooCommerceSmart Variations Images & Swatches for WooCommerceMailChimp ManagerWp My Admin BarDeals of the Day WooCommerceHasiumResponsive Social Slider WidgetPage Builder Gutenberg Blocks – Kioken BlocksPage Builder Sandwich – Front End WordPress Page Builder PluginLivemesh SiteOrigin WidgetsViralikeCustom Registration and Custom Login Forms with New RecaptchaBattle Suit for DiviJDs PortfolioSV Proven ExpertVO Store Locator – WP Store Locator PluginReset Course Progress For LearnDashFront End PMRecurWP – WordPress Recurly Payment GatewayGlorious Services & SupportShubanIvory Search – WordPress Search PluginServer InfoBlog Sidebar WidgetAgy – Age verification for WooCommerceGoogle Analytics plugin for WordPress by GA4WPWP EasyPay – Square for WordPressWP Munich Blocks – Gutenberg Blocks for WordPressPremmerce Wishlist for WooCommerceNokkeBroadcast LiteWP Conference ScheduleEasy Newsletter SignupsAlley Business ToolkitReplyable – Subscribe to Comments and Reply by EmailNumber ChatCountry Based Payments for WooCommerceWebinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnitionSchema Plugin For Divi, Gutenberg & ShortcodesPower Ups for ElementorWordPress Everse Starter Sites – Elementor TemplatesContact Form 7 Multi-Step FormsAccept Stripe Donation and Payments – AidWPInternal Link Juicer: SEO Auto Linker for WordPressWoo UkrposhtaPage Builder for Gutenberg – StarterBlocksGet feedback from visitors – WP Feedback Suite PluginNEXUSBanner Management For WooCommerceScheduled Notification BarUltimate Blocks – WordPress Blocks PluginGenealogical Tree – WordPress Family TreeLearnMoreMaster Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & AnimationsProduct Author for WooCommerceLightbox – EverlightBox GalleryImpexium Single Sign OnLive TV Player – Worldwide Live TV Channels Player for WordPressPrice Bands for WooCommerceVit Website ReviewsRevolution for ElementorGloriousThemes Starter SitesWordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & RankingsGallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native galleryGo Fetch Jobs (for WP Job Manager)Geo MashupFive-Star Ratings ShortcodeActivity Log For MainWPContent Aware Sidebars – Fastest Widget Area PluginBaniInsert or Embed Articulate Content into WordPressRadio Station by netmix® – Manage and play your Show Schedule in WordPress!Anfrageformular – Multi Step Drag & Drop Formular Builder – LeadgenerierungTabs with Recommended Posts (Widget)Performance KitWP BugBotTag Groups is the Advanced Way to Display Your Taxonomy TermsRW Divi Unite GalleryWP Get PersonalAdvance Menu ManagerBulk WooCommerce Category CreatorWP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)LawPress – Law Firm Website ManagementTinyMCE AnnotateElationElements for LifterLMSGFireM FieldsHooked Editable ContentConsultPress LiteFooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & CarouselCategorify – WordPress Media Library Category & File ManagerRestrict User Access – Ultimate Membership & Content ProtectionJustified GalleryLocal Delivery Drivers for WooCommerceStreamWeasels Twitch IntegrationFocus on Reviews for WooCommerceWP Frontend Admin – Display WP Admin Pages in the FrontendSimple Sitemap – Create a Responsive HTML SitemapOpenseaAdd Pinterest conversion tags for Pinterest Ads + Site verificationWordPress Coupon Plugin for Bloggers and Marketers – WP OffersCryptocurrency Product for WooCommerceFast WordPressExtra Fees Plugin for WooCommercePrint My Blog – Print, PDF, & eBook Converter WordPress PluginStreak CRM For Gmail For Contact Form 7 – WordPress PluginSpotlight Social Feeds – Block, Shortcode, and WidgetWP-HR Manager: The Human Resources Plugin for WordPressCAPTCHA 4WP – Antispam CAPTCHA solution for WordPressDeMomentSomTres Grid ArchiveTarot Card OracleIntegrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress SiteWooCommerce Customers Table: View, Search, Bulk EditorChat Button- Leads and Order over ChatAll in One Invite CodesWP Meta and Date RemoverRating-Widget: Star Review SystemSurbma | GDPR Proof Cookie Consent & Notice BarEasy Code SnippetsComments Not Replied ToImage Carousel For DiviCuisine PalaceWP Radio – Worldwide Online Radio Stations Directory for WordPressElastaDivi CollageSparrow: Product Reviews and Ratings for WooCommerceSV Tracking ManagerUltra Elementor AddonsWooCommerce Next Order CouponWP Contact SliderLive Scores for SportsPressPast Events ExtensionTiered Pricing Table for WooCommerceAnyWhere ElementorWP Coupons and Deals – WordPress Coupon PluginSky Login RedirectWPTools Masonry Gallery & Posts For DiviNugget by Ingot: Easy, automated and native A/B testing for everyoneWP Post BlockEverseProduct Options and Price Calculation Formulas for WooCommerce – Uni CPOFeatured Images in RSS for Mailchimp & MoreFiboSearch – Ajax Search for WooCommercePost Snippets – Custom WordPress Code Snippets CustomizerWP Smart Export (Free)Coinbase Commerce – Crypto Gateway for WooCommerceWP Dev Powers – Display Screen Dimensions to Admin PluginSSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPressWP fail2ban – Advanced Security PluginXT Floating Cart for WooCommerceAuthorize.Net Payment Gateway For WooCommerceDivi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7Multipurpose Gutenberg BlockFood Store – Online Food Delivery & PickupEthereumICOACF for WooCommerce ProductPremmerce Redirect ManagerDesign for Contact Form 7 Style WordPress Plugin – CF7 WOW StylerKVoucherSheetPress – Manage WordPress Meta data with Google SheetsLive Drag and Drop Builder for Contact Form 7Ultimate Widgets LightPodcast Box – Best Podcasting Plugin for WordPressBlocked in China | Check if your site is available in the Chinese mainlandWP Author BioWooCommerce upcoming ProductsPremmerce Brands for WooCommerceVideo Player for YouTubeDelete All Comments of wordpressDigital Goods for WooCommerce CheckoutBulk Edit Posts and Products in SpreadsheetMarijuana Age VerifyWordPress News Plugin – TopNewsWpPremmerce WooCommerce Customers ManagerCP Simple NewsletterWP Frontend ProfileEasy Smooth Scroll Links – Smooth Scrolling AnchorPremmerce SEO for WooCommerceLittleBot InvoicesFrontend Admin by DynamiAppsInbound BrewCheckout with Venmo on EDDUltimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square PluginBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Restrict – membership, site, content and user access restrictions for WordPressTK SmugMug Slideshow ShortcodeWP-Cron Status CheckerStrumenti Partita IVA per WoocommerceElementor Addons by LivemeshPrimary Addon for ElementorbbResolutionsNinja Libs Amazon SESWP SPID ItaliaMusic Player for Elementor – Audio Player & Podcast PlayerKnowledge Base documentation & wiki plugin – BasePress DocsModern Addons for Elementor Page BuilderBetter Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBossWP Group PromoterWidgets on PagesSpreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.SVG Flags – Beautiful Scalable Flags For All Countries!Anti-Spam by Fullworks : GDPR Compliant Spam ProtectionBulk Edit Categories and Tags – Create Thousands Quickly on the EditorDelete old Posts automaticallyPremmerceTop Bar – PopUps – by WPOptinLMS Plugin – eLearning, Online Courses by AttestPost to Google My Business (Google Business Profile)EthPress – Web3 LoginUnakitLicense Manager for WooCommerceSync eCommerce NEOTK Google Fonts GDPR CompliantWP Affiliate DisclosureBlockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding NeededSpeculorDomain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)Ultimate Gutenberg – Custom Block TemplatesWidgets on Pages and PostsPayment gateway per Product for WooCommerceWP Notification BellConeBlog – Elementor Blog WidgetsWP Free SSL – Free SSL Certificate for WordPress and force HTTPSWP Table Builder – WordPress Table PluginMedia Library File DownloadEasy Social Feed – Social Photos Gallery – Post Feed – Like BoxCheckout with Zelle on WoocommerceWP EmailyUnlimited Elements For Elementor (Free Widgets, Addons, Templates)Frontend Admin – Add and edit posts, pages, users and more all from the frontendNicheBaseLimb Gallery | Create Beautiful Image & Video GalleriesRevivePress – Keep your Old Content EvergreenPixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and morePostcode RedirectW3SCloud Contact Form 7 to Zoho CRMShared Files – Frontend File Upload Form & Secure File SharingGrid & Styler For Contact Form 7 And DiviBlock, Suspend, Report for BuddyPressКнопка ЮMoneyChange Price Title for WooCommerceForceFieldHide Shipping Method For WooCommerceWordPress SEO ChecklistEvents Addon for ElementorSend Prebuilt EmailsWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+Appointment & Event Booking Calendar Plugin – Webba BookingDelete Duplicate PostsAlt ManagerJoli FAQ SEO – WordPress FAQ PluginChange Prices with Time for WooCommerceAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPressKRSP Frontend File UploaderPay For Post with WooCommerceWooCommerce Bulk Edit Coupons – WP Sheet EditorPosts List Designer by Category – List Category Posts Or Recent PostsLocalSEOMapGFireM Action AfterBookPress – For Book AuthorsAdd Expires Headers & Optimized MinifyCoupon Affiliates – Affiliate Plugin for WooCommerceWP Activity LogDivi Content RestrictorCartoon UrlEvents Calendar RegistrationSecure IP LoginsShare This ImageDashy – Google Analytics advanced dashboardAmelaWordPress Dev Powers – ACF Color Coded Field Types PluginGutenberg Blocks – ACF Blocks SuiteScrollsequence – Cinematic Scroll Image Animation PluginPayment Gateway for PayFabricRankBearAwesome SSLFeatured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)South Pole: Climate action nowPremmerce User RolesAdd Twitter Pixel for Twitter adsQuote for WooCommerce Lite – Add to Quote Plugin Lets Customers Request Custom Quotes for Products using the Request a Quote Plugin for WooCommerceAvailability datepicker – Integrate with Contact Form 7 and DiviWooCommerce PayPlugWPBITS Addons For Elementor Page BuilderWP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and EmailFullscreen MenuFuse Social Floating SidebarVideopackmyCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for GamificationBlock Styler For Gravity FormsPremmerce Wholesale Pricing for WooCommerceBook BuyBack PricesProduct Customer List for WooCommerceGift Message for WooCommerceEasy PrayerPremmerce Multi-currency for WoocommerceQuick Paypal PaymentsMigrate WordPress Website & Backups – Prime MoverIks Menu – WordPress Category Accordion Menu & FAQsContact List – Premium Staff Listing, Business Directory Plugin & Address BookWordPress form builder plugin for contact forms, surveys and quizzes – TripettoUltimeterEthereum WalletSurveyFunnel – Survey Plugin for WordPressClickerVolt – Affiliate Links & Click Tracking for Performance MarketersWordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.azw woocommerce file uploadsDeMomentSomTres AddressWordPress Persistent LoginDrop Shadow BoxesGenerate Images – Magic Post ThumbnailAdFoxly – Ad Manager, AdSense Ads & Ads.txtRemove Add to Cart WooCommerceDynamic Pricing and Discount Rules for WooCommerceRadio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPressWCC SEO Keyword ResearchFAQ Manager For Divi, Gutenberg Block & ShortcodeAny Popup – Popup Forms, Optins & AdsWadi SurveySlideDeck: Responsive WordPress Slider PluginDocument Viewer- Plugin to Display MS Office DocsXT Quick View for WooCommercePlace Order Without Payment for WooCommerceBetter SharingTeam Collaboration Plugin for WordPress Editorial teams- MulticollabWP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareBetter Elementor AddonsQuick Event ManagerRun Contests, Raffles, and Giveaways with ContestsWPSKT Templates – 100% free Elementor & Gutenberg templatesDelivery for WooCommerceQuick Contact FormFAQ / Accordion / Docs – Helpie WordPress FAQ Accordion pluginRocket Maintenance Mode & Coming Soon PageEther and ERC20 tokens WooCommerce Payment GatewayWPVisitorInfo – Show Visitor Information & Conditional Data Based On That InformationHM Multiple RolesUltimate Carousel For DiviAFI – The Easiest Integration PluginWP MooseFraud Prevention For WooCommerce and EDDBest Responsive Comparison Table for Gutenberg Editor – NicheTableAdd Tiktok Pixel for Tiktok ads (+Woocommerce)Contact Widgets For Elementor all the contact links you need in one placeProtect Uploads with Login – Protect Your UploadsBulk Edit and Create User Profiles – WP Sheet EditorDa ReactionsMass Pages/Posts CreatorWholesale for WooCommerce — This Wholesale Plugin Helps B2B and B2C Businesses Streamline Wholesale Products, Pricing, and User Roles, Automating their WooCommerce Wholesale StoresQuick Affiliate StoreWordPress Animation Plugin – Animated EverythingWPBakery Page Builder Addons by LivemeshProduct Attachment for WooCommerceAnnouncement & Notification Banner – BulletinAll-in-One Video GallerySocial Gallery LiteRun time Image resizingWUPO Group Attributes for WooCommerceMapGeo – Interactive Geo MapsPinblocks — Gutenberg blocks with Pinterest widgetsDivi Torque Lite – Divi Theme and Extra ThemeSocialMark – Easy Watermark/Logo on Social Media Post Link Share PreviewSQL Reporting Services – SSRS Plugin for WordPressGet Directions MapCaxton – Create Pro page layouts in GutenbergAnt Admin Notices for TeamBetter Messages – WCFM IntegrationZip Code RedirectRedirection for Contact Form 7Custom Login Page CustomizerGet Better Reviews for WooCommerceNew User ApproveTurbo WidgetsMobile View for Responsive web design optimization (UX design) + Mobile Friendly TestThank You Page for WooCommerceBuilder for WooCommerce product reviews shortcodes – ReviewShortkk Star Ratings – Rate Post & Collect User FeedbacksLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridRaCar Clear Cart for WooCommerceDeMomentSomTres Media Tools AutoWordPress Google TranslateEasy Tiktok FeedModern Designs for Gravity FormsEasy Math Captcha for CF7Filr – Secure document libraryPreloader for DiviMeridiaWidget Detector for ElementorBrandAutomatic YouTube GalleryRest Routes – Custom Endpoints for WordPress REST APIPurosaYatri ToolsWoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo galleryWP Required Taxonomies – Categories and Tags MandatoryWordPress Books GalleryWP Disable SitemapAdd Linkedin insight tags for Linkedin adsProduct Image Watermark for WooFooter Plugin for DiviOverlay Image Divi ModuleDuplicate Variations for WoocommerceWooCommerce Google Analytics Integration By Advanced WC AnalyticsDrip Feed Content Extended for LearndashError Log MonitorBlog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer PackPremmerce Product Search for WooCommerceYASR – Yet Another Star Rating Plugin for WordPressMultisite Robots.txt ManagerInternal Linking for SEO traffic & Ranking – Auto internal links (100% automatic)Woo Admin Product NotesRoyal Elementor Addons and TemplatesSnazzyAdmin WP Admin ThemeSocial KitwGauge – Free VersionElementor Addon ElementsWooCommerce Country Catalogs – Product Country RestrictionsWordPress SEO Audit Plugin – WP Site AuditorWP Tools Divi Product CarouselAds.txt & App-ads.txt Manager for WordPressSimple SponsorshipsKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceWP Page TemplatesGuest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front EditorWordPress WooCommerce Sync for Google SheetBooking Calendar | Appointment Booking | BookitFlat Rate Shipping Plugin For WooCommerceGuestofy – Restaurant Reservations Plugin, Room Planer, Reservation FormWP Link BioWordPress Dev Powers – Element Selector jQuery Powers PluginFull Page Blog DesignerTwentyFourth WP ScraperBlock Slider – Responsive Image Slider, Video Slider & Post SliderEnhanced Ecommerce Google Analytics for WooCommerceWidget for Contact form 7Stackable – Page Builder Gutenberg BlocksSimple Feature Requests Free – User Feedback BoardBlockyPage – Gutenberg Based Page BuilderWP AutoMedicGallery PhotoBlocksContact Form 7 – Capsule CRM – IntegrationEvent Tickets and RegistrationEasy Settings for LearnDashWordPress Auto SEO Plugin – Upfiv SEO WizardWP Relevant AdsForms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, WebhookUser Menus – Nav Menu VisibilityLittleBot ACH for Stripe + PlaidUnder ConstructionMaster Accordion ( Former WP Awesome FAQ Plugin )XT Points & Rewards for WooCommerceCF7 Constant Contact Fields MappingWP Data Access – WordPress App, Table and Form Builder pluginPassster – Password Protect Pages and ContentOut of stock display for woocommerceClean Social IconsCheckout with Cash App on EDDAutoSave NetSSL Certificate – Free SSL, HTTPS by SSL ZenGateway for PayLate on WooCommerceCourt Reservation – Manage Your Court Bookings OnlineAffiliate Link Builder Plugin for Amazon Associates – Review EngineAdvanced Custom Fields options import/exportRT Easy Builder – Advanced addons for ElementorThe best plugin for restrict content, support all Custom Post Types and Elementor – Password ProtectedChoice Payment Gateway for WooCommerceURL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPressWooCommerce Shipping gateway per ProductWP Tools Divi Blog CarouselSimple Social Page Widget & ShortcodeUltimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO BoosterEducation Addon for ElementorAdvanced Classifieds & Directory ProCode ManagerHuCommerce | Magyar WooCommerce kiegészítésekFree Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC BookingFeedpress Generator – External RSS Frontend CustomizerSTAX Header BuilderWP Google Street View (with 360° virtual tour) & Google maps + Local SEOUltimate Divi Modules Suite – Divi Sumo LiteWordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and ScheduleFIT: Featured Image ToolkitConversion de moneda WoocommerceWP Adminify – Custom WordPress Dashboard, Login and Admin CustomizerGo Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view countersWooCommerce Bulk Edit Products – WP Sheet EditorWP SierraWordPress Gallery Plugin – Edge Photo GalleryPootle Pagebuilder – WordPress Page builderTickera – WordPress Event Ticketing
CWE ID-CWE-862
Missing Authorization
CVE-2024-28003
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.11%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 05:52
Updated-08 Aug, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.

Action-Not Available
Vendor-Megamenu
Product-Max Mega Menu
CWE ID-CWE-862
Missing Authorization
CVE-2024-27950
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.92%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 07:46
Updated-08 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control

Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.

Action-Not Available
Vendor-sirv.com
Product-Image Optimizer, Resizer and CDN – Sirv
CWE ID-CWE-862
Missing Authorization
CVE-2023-2716
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 02:03
Updated-13 Jan, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact.

Action-Not Available
Vendor-trainingbusinessprosGroundhogg (Groundhogg Inc.)
Product-groundhoggWordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found