Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-43929

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-01 Nov, 2024 | 14:17
Updated At-01 Nov, 2024 | 18:01
Rejected At-
Credits

WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:01 Nov, 2024 | 14:17
Updated At:01 Nov, 2024 | 18:01
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4.

Affected Products
Vendor
eyecix
Product
JobSearch
Package Name
wp-jobsearch
Default Status
unaffected
Versions
Affected
  • From n/a through 2.5.4 (custom)
    • -> unaffectedfrom2.5.6
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-1CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC ID: CAPEC-1
Description: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
Solutions

Update to 2.5.6 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Ananda Dhakal (Patchstack)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability-2?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability-2?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
eyecix
Product
jobsearch_wp_job_board
CPEs
  • cpe:2.3:a:eyecix:jobsearch_wp_job_board:-:*:*:*:*:wordpress:*:*
Default Status
unaffected
Versions
Affected
  • From 0 through 2.5.4 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:01 Nov, 2024 | 15:15
Updated At:12 Nov, 2024 | 20:49

Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches
eyecix
eyecix
>>jobsearch_wp_job_board>>Versions before 2.5.6(exclusive)
cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability-2?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability-2?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

337Records found
CVE-2025-6380
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.22%
||
7 Day CHG+0.05%
Published-24 Jul, 2025 | 09:22
Updated-25 Jul, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function

The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin’s permission callback only verifies that the supplied, encrypted attachment ID maps to an existing attachment post, but does not verify the requester’s identity or capabilities. This makes it possible for unauthenticated attackers to log in as an arbitrary user.

Action-Not Available
Vendor-onlyoffice
Product-ONLYOFFICE Docs
CWE ID-CWE-862
Missing Authorization
CVE-2023-26301
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.64%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 16:06
Updated-02 Aug, 2024 | 11:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

Action-Not Available
Vendor-HP Inc.
Product-color_laserjet_pro_4201-4203_4ra87fcolor_laserjet_pro_mfp_4301-4303_4ra83f_firmwarecolor_laserjet_pro_4201-4203_4ra87f_firmwarecolor_laserjet_pro_4201-4203_5hh52a_firmwarecolor_laserjet_pro_4201-4203_4ra89acolor_laserjet_pro_4201-4203_5hh59a_firmwarecolor_laserjet_pro_4201-4203_4ra89a_firmwarecolor_laserjet_pro_4201-4203_4ra88fcolor_laserjet_pro_4201-4203_5hh52acolor_laserjet_pro_mfp_4301-4303_4ra80f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra84f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra84fcolor_laserjet_pro_mfp_4301-4303_5hh65acolor_laserjet_pro_4201-4203_5hh53a_firmwarecolor_laserjet_pro_4201-4203_5hh51a_firmwarecolor_laserjet_pro_4201-4203_5hh48a_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra83fcolor_laserjet_pro_mfp_4301-4303_5hh66acolor_laserjet_pro_mfp_4301-4303_5hh72a_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh67a_firmwarecolor_laserjet_pro_4201-4203_4ra88f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra80fcolor_laserjet_pro_mfp_4301-4303_5hh64f_firmwarecolor_laserjet_pro_mfp_4301-4303_4ra81fcolor_laserjet_pro_mfp_4301-4303_5hh65a_firmwarecolor_laserjet_pro_4201-4203_5hh59acolor_laserjet_pro_4201-4203_5hh51acolor_laserjet_pro_mfp_4301-4303_4ra81f_firmwarecolor_laserjet_pro_4201-4203_5hh53acolor_laserjet_pro_mfp_4301-4303_4ra82f_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh73a_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh66a_firmwarecolor_laserjet_pro_mfp_4301-4303_5hh73acolor_laserjet_pro_mfp_4301-4303_5hh67acolor_laserjet_pro_mfp_4301-4303_4ra82fcolor_laserjet_pro_mfp_4301-4303_5hh72acolor_laserjet_pro_mfp_4301-4303_5hh64fcolor_laserjet_pro_4201-4203_5hh48aHP LaserJet Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-53805
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.73%
||
7 Day CHG+0.02%
Published-06 Dec, 2024 | 13:05
Updated-11 Feb, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.

Action-Not Available
Vendor-wpmailsterbrandtossmailster
Product-wp_mailsterWP Mailstermailster
CWE ID-CWE-862
Missing Authorization
CVE-2023-26035
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-49.10% / 97.70%
||
7 Day CHG-0.74%
Published-25 Feb, 2023 | 01:07
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZoneMinder vulnerable to Missing Authorization

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.

Action-Not Available
Vendor-zoneminderZoneMinder
Product-zoneminderzoneminder
CWE ID-CWE-862
Missing Authorization
CVE-2025-5394
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-21.62% / 95.51%
||
7 Day CHG+5.85%
Published-15 Jul, 2025 | 03:43
Updated-15 Jul, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution.

Action-Not Available
Vendor-Bearsthemes
Product-Alone – Charity Multipurpose Non-profit WordPress Theme
CWE ID-CWE-862
Missing Authorization
CVE-2021-31921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.32%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:36
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.

Action-Not Available
Vendor-istion/a
Product-istion/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-5486
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.68%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 06:42
Updated-06 Jun, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset

The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.

Action-Not Available
Vendor-dr_scythe
Product-WP Email Debug
CWE ID-CWE-862
Missing Authorization
CVE-2018-25105
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-3.85% / 87.73%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-30 Oct, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.

Action-Not Available
Vendor-filemanagerpromndpsingh287mndpsingh287
Product-file_managerFile Managerfile_manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-23834
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.24%
||
7 Day CHG+0.03%
Published-09 Dec, 2024 | 11:31
Updated-01 Mar, 2025 | 02:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.

Action-Not Available
Vendor-Brainstorm Force
Product-spectraSpectra
CWE ID-CWE-862
Missing Authorization
CVE-2025-52352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.18%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 00:00
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to register accounts via APIs even when the feature is disabled. This leads to authentication bypass and unauthorized access to admin portals, violating intended access controls.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-22697
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.78%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:22
Updated-17 Apr, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Survey Maker plugin <= 3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0.

Action-Not Available
Vendor-AYS Pro Extensions
Product-survey_makerSurvey Maker
CWE ID-CWE-862
Missing Authorization
CVE-2019-13547
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 20:59
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-wise-paas\/rmmAdvantech WISE-PaaS/RMM
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-48245
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.64%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 10:38
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)nexo-osnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)nexo_special_cordless_nutrunner_\(0608pe2272\)nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)nexo_special_cordless_nutrunner_\(0608pe2673\)nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)nexo_special_cordless_nutrunner_\(0608pe2514\)nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)nexo_special_cordless_nutrunner_\(0608pe2301\)nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)nexo_special_cordless_nutrunner_\(0608pe2666\)nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)nexo_special_cordless_nutrunner_\(0608pe2515\)nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Nexo cordless nutrunner NXA011S-36V (0608842011)Nexo cordless nutrunner NXV012T-36V (0608842015)Nexo cordless nutrunner NXA011S-36V-B (0608842012)Nexo special cordless nutrunner (0608PE2301)Nexo cordless nutrunner NXA030S-36V-B (0608842007)Nexo special cordless nutrunner (0608PE2514)Nexo cordless nutrunner NXA015S-36V-B (0608842006)Nexo special cordless nutrunner (0608PE2272)Nexo cordless nutrunner NXA065S-36V (0608842013)Nexo cordless nutrunner NXA050S-36V (0608842003)Nexo cordless nutrunner NXA050S-36V-B (0608842008)Nexo special cordless nutrunner (0608PE2666)Nexo special cordless nutrunner (0608PE2673)Nexo cordless nutrunner NXA065S-36V-B (0608842014)Nexo special cordless nutrunner (0608PE2515)Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Nexo cordless nutrunner NXP012QD-36V (0608842005)Nexo cordless nutrunner NXV012T-36V-B (0608842016)Nexo cordless nutrunner NXA015S-36V (0608842001)Nexo cordless nutrunner NXA030S-36V (0608842002)
CWE ID-CWE-862
Missing Authorization
CVE-2023-22701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.22%
||
7 Day CHG+0.04%
Published-09 Dec, 2024 | 11:31
Updated-27 Feb, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability

Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.

Action-Not Available
Vendor-shopfilesShopfiles Ltdshopfiles
Product-ebook_storeEbook Storeebook_store
CWE ID-CWE-862
Missing Authorization
CVE-2018-21042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.94%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 17:05
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 (December 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-31283
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:12
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Local Pickup for WooCommerce plugin <=1.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2.

Action-Not Available
Vendor-zoremzoremzorem
Product-advanced_local_pickup_for_woocommerceAdvanced Local Pickup for WooCommerceadvanced_local_pickup_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-5304
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.99%
||
7 Day CHG~0.00%
Published-28 Jun, 2025 | 05:29
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function

The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

Action-Not Available
Vendor-blafoley
Product-PT Project Notebooks – Take Meeting minutes, create budgets, track task management, and more
CWE ID-CWE-862
Missing Authorization
CVE-2023-48417
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.35%
||
7 Day CHG~0.00%
Published-11 Dec, 2023 | 05:09
Updated-02 Aug, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application

Action-Not Available
Vendor-Google LLC
Product-chromecast_firmwarechromecastAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2024-30544
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.10%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:04
Updated-05 Nov, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in UPQODE Whizzy.This issue affects Whizzy: from n/a through 1.1.18.

Action-Not Available
Vendor-upqodeUPQODEupqode
Product-whizzyWhizzywhizzy
CWE ID-CWE-862
Missing Authorization
CVE-2021-24997
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-4.58% / 88.79%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 10:33
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Guppy < 1.3 - Sensitive Information Disclosure

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user

Action-Not Available
Vendor-wp-guppyUnknown
Product-wp_guppyWP Guppy
CWE ID-CWE-862
Missing Authorization
CVE-2024-30538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 56.59%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:00
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DELUCKS SEO plugin <= 2.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through 2.5.4.

Action-Not Available
Vendor-delucksDELUCKS GmbHdelucks
Product-delucks_seoDELUCKS SEOdelucks_seo
CWE ID-CWE-862
Missing Authorization
CVE-2020-36719
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.21%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.

Action-Not Available
Vendor-cridion/a
Product-listingproListingPro - WordPress Directory & Listing Theme
CWE ID-CWE-862
Missing Authorization
CVE-2025-5288
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.51%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 01:47
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
REST API | Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function

The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.

Action-Not Available
Vendor-weboccults
Product-REST API | Custom API Generator For Cross Platform And Import Export In WP
CWE ID-CWE-862
Missing Authorization
CVE-2023-1114
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 11:50
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation on e-Belediye

Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation.This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.

Action-Not Available
Vendor-eskomEskom
Product-e-belediyee-Belediye
CWE ID-CWE-862
Missing Authorization
CVE-2023-0923
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.19%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 20:16
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Odh-notebook-controller-container: missing authorization allows for file contents disclosure

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxopenshift_data_scienceRHODS-1.22-RHEL-8
CWE ID-CWE-862
Missing Authorization
CVE-2025-52721
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.43%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3.

Action-Not Available
Vendor-LCweb
Product-Global Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-27939
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 72.50%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-06 Feb, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_crossbowRUGGEDCOM CROSSBOWruggedcom_crossbow
CWE ID-CWE-862
Missing Authorization
CVE-2020-8772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-93.22% / 99.79%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 16:27
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.

Action-Not Available
Vendor-revmakxn/a
Product-infinitewp_clientn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-2771
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.98%
||
7 Day CHG-0.01%
Published-18 May, 2024 | 07:38
Updated-06 Feb, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.

Action-Not Available
Vendor-fluentformstechjewelfluentforms
Product-contact_formContact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Buildercontact_form
CWE ID-CWE-862
Missing Authorization
CVE-2022-47594
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.91%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:22
Updated-11 Apr, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2020-6823
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.17%
||
7 Day CHG-0.02%
Published-24 Apr, 2020 | 15:53
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-862
Missing Authorization
CVE-2022-45830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.46%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:02
Updated-05 Jun, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2024-25912
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 72.42%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:36
Updated-01 Aug, 2024 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerability

Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

Action-Not Available
Vendor-Skymoonlabsskymoonlabs
Product-MoveTomoveto
CWE ID-CWE-862
Missing Authorization
CVE-2022-45806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:22
Updated-05 Feb, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Formidable Forms plugin <= 5.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.

Action-Not Available
Vendor-Strategy11
Product-formidable_formsFormidable Forms
CWE ID-CWE-862
Missing Authorization
CVE-2022-44633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.71%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:44
Updated-03 Aug, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability

Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.

Action-Not Available
Vendor-Your Inspiration Solutions S.L.U. (YITH) (YITHEMES)
Product-YITH WooCommerce Gift Cards Premiumyith_woocommerce_gift_cards_premium
CWE ID-CWE-862
Missing Authorization
CVE-2020-36840
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.99% / 75.92%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 07:31
Updated-30 Oct, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.

Action-Not Available
Vendor-motopressjetmonstersmotopress
Product-timetable_and_event_scheduleTimetable and Event Schedule by MotoPresstimetable_and_event_schedule
CWE ID-CWE-862
Missing Authorization
CVE-2023-1782
Matching Score-4
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-4
Assigner-HashiCorp Inc.
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.22%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 19:10
Updated-10 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-nomadNomadNomad Enterprise
CWE ID-CWE-862
Missing Authorization
CVE-2025-48133
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.45%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 20:49
Updated-13 Aug, 2025 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Automator <= 6.4.0.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-uncanny_automatorUncanny Automator
CWE ID-CWE-862
Missing Authorization
CVE-2025-48339
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.12%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0.

Action-Not Available
Vendor-activity-log.com
Product-Profiler - What Slowing Down Your WP
CWE ID-CWE-862
Missing Authorization
CVE-2025-48916
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 15:35
Updated-10 Jul, 2025 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070

Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.

Action-Not Available
Vendor-joshfabeanThe Drupal Association
Product-bookable_calendarBookable Calendar
CWE ID-CWE-862
Missing Authorization
CVE-2025-48139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:54
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4.

Action-Not Available
Vendor-relentlo
Product-StyleAI
CWE ID-CWE-862
Missing Authorization
CVE-2022-41786
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.54%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 17:14
Updated-13 Nov, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control

Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal – A Complete Job Board
CWE ID-CWE-862
Missing Authorization
CVE-2022-41326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.00% / 86.05%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-micollabn/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-41417
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.

Action-Not Available
Vendor-blogenginen/a
Product-blogengine.netn/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-48127
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Push notification for Mobile and Web app <= 2.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3.

Action-Not Available
Vendor-App Cheap
Product-Push notification for Mobile and Web app
CWE ID-CWE-862
Missing Authorization
CVE-2024-1860
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.18%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 09:33
Updated-22 Apr, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection

Action-Not Available
Vendor-billminozzisminozzisminozzi
Product-anti_hackerDisable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scandisable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan
CWE ID-CWE-862
Missing Authorization
CVE-2025-47709
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.72%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:03
Updated-10 Jun, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055

Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

Action-Not Available
Vendor-miniorangeThe Drupal Association
Product-miniorange_2faEnterprise MFA - TFA for Drupal
CWE ID-CWE-862
Missing Authorization
CVE-2024-1763
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.52%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:26
Updated-20 Mar, 2025 | 11:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features.

Action-Not Available
Vendor-wpmetxpeedstudiowpmet
Product-wp_social_login_and_register_social_counterWp Social Login and Register Social Counterwp_social_login_and_register_social_counter
CWE ID-CWE-862
Missing Authorization
CVE-2022-41238
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.40%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-29 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.

Action-Not Available
Vendor-Jenkins
Product-dotciJenkins DotCi Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2025-47688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.37%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-23 May, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.

Action-Not Available
Vendor-advancedfilemanagerSaad Iqbal
Product-advanced_file_managerAdvanced File Manager
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found