The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.
Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4.
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.
Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7.
The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others.
Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through 1.9.0.
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8.
Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6.
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9.
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0.
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0
Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.
Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5.
Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2.
Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.5.
Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.
Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0.
Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.
Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8.
Missing Authorization vulnerability in Evergreen Content Poster.This issue affects Evergreen Content Poster: from n/a through 1.4.2.
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.
Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through 3.3.
The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin.
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15.
Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4.
Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.This issue affects WP2LEADS: from n/a through 3.2.7.
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.
Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.
Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.
The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license.
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.
The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog.