Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5331

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-01 Aug, 2024 | 06:47
Updated At-01 Aug, 2024 | 14:06
Rejected At-
Credits

Breakdance <= 1.7.2 - Missing Authorization

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:01 Aug, 2024 | 06:47
Updated At:01 Aug, 2024 | 14:06
Rejected At:
▼CVE Numbering Authority (CNA)
Breakdance <= 1.7.2 - Missing Authorization

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.

Affected Products
Vendor
BreakdanceBreakdance
Product
Breakdance
Default Status
unaffected
Versions
Affected
  • From * through 1.7.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Francesco Carlucci
Timeline
EventDate
Vendor Notified2024-05-04 00:00:00
Disclosed2024-07-31 17:55:25
Event: Vendor Notified
Date: 2024-05-04 00:00:00
Event: Disclosed
Date: 2024-07-31 17:55:25
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=cve
N/A
https://breakdance.com/breakdance-2-0-now-available/
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=cve
Resource: N/A
Hyperlink: https://breakdance.com/breakdance-2-0-now-available/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:01 Aug, 2024 | 07:15
Updated At:21 Nov, 2024 | 23:07

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Soflyy
soflyy
>>breakdance>>Versions before 2.0(exclusive)
cpe:2.3:a:soflyy:breakdance:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-284Secondarysecurity@wordfence.com
CWE-862Primarynvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: security@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://breakdance.com/breakdance-2-0-now-available/security@wordfence.com
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://breakdance.com/breakdance-2-0-now-available/
Source: security@wordfence.com
Resource:
Release Notes
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1339Records found
CVE-2024-32818
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:37
Updated-26 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wordpress_meta_data_and_taxonomies_filterWordPress Meta Data and Taxonomies Filter (MDTF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-32689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 10:33
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.

Action-Not Available
Vendor-GenialSoulsgenialsouls
Product-WP Social Commentswp_social_comments
CWE ID-CWE-862
Missing Authorization
CVE-2024-33595
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 09:16
Updated-03 Feb, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

Action-Not Available
Vendor-master-addonsJewel Theme
Product-master_addonsMaster Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-33915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:34
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.

Action-Not Available
Vendor-Bowo
Product-Debug Log Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-44116
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.26%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 03:11
Updated-10 Sep, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver Application Server for ABAP and ABAP Platform
CWE ID-CWE-862
Missing Authorization
CVE-2023-1903
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.45%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 02:31
Updated-07 Feb, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)

SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data.

Action-Not Available
Vendor-SAP SE
Product-hcm_fiori_app_my_formsHCM Fiori App My Forms (Fiori 2.0)
CWE ID-CWE-862
Missing Authorization
CVE-2020-1754
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.05%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:21
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-52878
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 14:13
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-TeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2024-32522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.84%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:31
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open Close WooCommerce Store plugin <= 4.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.

Action-Not Available
Vendor-Jaed Mosharraf & Pluginbazar Team
Product-Open Close WooCommerce Store
CWE ID-CWE-862
Missing Authorization
CVE-2024-32520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.84%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:33
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.

Action-Not Available
Vendor-WPClever
Product-WPC Grouped Product for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-32143
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 66.85%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:03
Updated-19 Mar, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.

Action-Not Available
Vendor-podlovePodlovepodlove
Product-podlove_podcast_publisherPodlove Podcast Publisherpodlove_podcast_publisher
CWE ID-CWE-862
Missing Authorization
CVE-2024-32146
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:01
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through 6.3.1.

Action-Not Available
Vendor-Aspose.cloud Marketplace
Product-Aspose.Words Exporter
CWE ID-CWE-862
Missing Authorization
CVE-2024-32148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:44
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pardot plugin <= 2.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0.

Action-Not Available
Vendor-Salesforce
Product-Pardot
CWE ID-CWE-862
Missing Authorization
CVE-2024-31359
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:20
Updated-26 Sep, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2.

Action-Not Available
Vendor-premmercePremmerce
Product-premmerce_product_filter_for_woocommercePremmerce Product Filter for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-1414
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.43%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 18:31
Updated-04 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update

The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours

Action-Not Available
Vendor-rexthemeUnknown
Product-wp_vrWP VR
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-31294
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 08:50
Updated-05 Oct, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1.

Action-Not Available
Vendor-androidbubbleFahad Mahmood
Product-wp_sort_orderWP Sort Order
CWE ID-CWE-862
Missing Authorization
CVE-2024-31421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.09%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:09
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability

Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through 1.10.27.

Action-Not Available
Vendor-Supsystic
Product-Popup by Supsystic
CWE ID-CWE-862
Missing Authorization
CVE-2024-31347
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.45%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:06
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tracking Code Manager plugin <= 2.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0.

Action-Not Available
Vendor-Data443
Product-Tracking Code Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-32144
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:48
Updated-09 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.

Action-Not Available
Vendor-welcartWelcart Inc.
Product-welcart_e-commerceWelcart e-Commerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-32081
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:37
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.

Action-Not Available
Vendor-websupporter_filter_custom_fields_\&_taxonomies_light_projectWebsupporter
Product-websupporter_filter_custom_fields_\&_taxonomies_lightFilter Custom Fields & Taxonomies Light
CWE ID-CWE-862
Missing Authorization
CVE-2024-31350
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:04
Updated-25 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1.

Action-Not Available
Vendor-Strategy11
Product-awp_classifiedsAWP Classifieds
CWE ID-CWE-862
Missing Authorization
CVE-2023-1027
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 12:54
Updated-13 Jan, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.

Action-Not Available
Vendor-JoomUnited
Product-wp_meta_seoWP Meta SEO
CWE ID-CWE-862
Missing Authorization
CVE-2024-31859
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.84%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 13:31
Updated-02 Aug, 2024 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Member promoted to channel admin via playbooks run linking to channel

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin

Action-Not Available
Vendor-Mattermost, Inc.
Product-Mattermost
CWE ID-CWE-284
Improper Access Control
CVE-2024-32124
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-4||MEDIUM
EPSS-0.03% / 5.35%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 08:08
Updated-22 Jul, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiisolatorFortiIsolator
CWE ID-CWE-284
Improper Access Control
CVE-2023-0405
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 14:32
Updated-21 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

Action-Not Available
Vendor-gptaipowerUnknown
Product-gpt_ai_powerGPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training
CWE ID-CWE-862
Missing Authorization
CVE-2025-49976
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.65%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7.

Action-Not Available
Vendor-WANotifier
Product-WANotifier
CWE ID-CWE-862
Missing Authorization
CVE-2024-31423
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:15
Updated-26 Sep, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.

Action-Not Available
Vendor-volkovAlex Volkovalex_volkov
Product-wp_accessibility_helperWP Accessibility Helper (WAH)wp_accessibility_helper
CWE ID-CWE-862
Missing Authorization
CVE-2024-32517
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:38
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin <= 1.4.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter.This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a through 1.4.12.

Action-Not Available
Vendor-WooCommerce & WordPress Tutorials
Product-Custom Thank You Page Customize For WooCommerce by Binary Carpenter
CWE ID-CWE-862
Missing Authorization
CVE-2024-32455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 18:57
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2.

Action-Not Available
Vendor-Very Good Plugins
Product-Fatal Error Notify
CWE ID-CWE-862
Missing Authorization
CVE-2024-30217
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.79%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 01:03
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP S/4 HANA (Cash Management)

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.

Action-Not Available
Vendor-SAP SE
Product-SAP S/4 HANA (Cash Management)
CWE ID-CWE-862
Missing Authorization
CVE-2020-15412
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.70%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 13:15
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.

Action-Not Available
Vendor-mispn/a
Product-mispn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-30216
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 01:02
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP S/4 HANA (Cash Management)

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.

Action-Not Available
Vendor-SAP SE
Product-SAP S/4 HANA (Cash Management)
CWE ID-CWE-862
Missing Authorization
CVE-2024-31261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.77%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:13
Updated-26 Nov, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Announcer – Notification & message bars plugin <= 6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0.

Action-Not Available
Vendor-Aakash Web
Product-announcerAnnouncer – Notification & message bars
CWE ID-CWE-862
Missing Authorization
CVE-2024-31267
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:14
Updated-01 Nov, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2.

Action-Not Available
Vendor-wpdeskWP Desk
Product-flexible_checkout_fieldsFlexible Checkout Fields for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31252
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 53.10%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:12
Updated-26 Nov, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6.

Action-Not Available
Vendor-dfactorydFactory
Product-responsive_lightbox_\&_galleryResponsive Lightbox
CWE ID-CWE-862
Missing Authorization
CVE-2024-30537
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:01
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Badge Management for WooCommerce plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0.

Action-Not Available
Vendor-wpcleverWPClever
Product-wpc_badge_management_for_woocommerceWPC Badge Management for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31248
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 58.99%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:10
Updated-02 Dec, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All-in-One Video Gallery plugin <= 3.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2.

Action-Not Available
Vendor-plugins360Team Plugins360
Product-all-in-one_video_galleryAll-in-One Video Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-30517
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:02
Updated-07 Oct, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sliced Invoices plugin <= 3.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sliced Invoices.This issue affects Sliced Invoices: from n/a through 3.9.2.

Action-Not Available
Vendor-slicedinvoicesSliced Invoices
Product-sliced_invoicesSliced Invoices
CWE ID-CWE-862
Missing Authorization
CVE-2020-15245
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 39.16%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 20:50
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Email verification bypass in Sylius

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here.

Action-Not Available
Vendor-syliusSylius
Product-syliusSylius
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-862
Missing Authorization
CVE-2024-3115
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.08%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 23:31
Updated-30 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2022-47176
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:22
Updated-13 Dec, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Depicter Slider plugin <= 1.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0.

Action-Not Available
Vendor-Depicter (Averta)
Product-Depicter Slider
CWE ID-CWE-862
Missing Authorization
CVE-2022-20620
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 75.68%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:05
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-ssh_agentJenkins SSH Agent Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-20614
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-2.21% / 83.79%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Action-Not Available
Vendor-Oracle CorporationJenkins
Product-communications_cloud_native_core_automated_test_suitemailerJenkins Mailer Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-30484
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 19:08
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0.

Action-Not Available
Vendor-risethemes
Product-rt_easy_builderRT Easy Builder – Advanced addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-30235
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.59%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 12:20
Updated-07 Feb, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

Action-Not Available
Vendor-ThemeisleThemeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPG
CWE ID-CWE-862
Missing Authorization
CVE-2022-47604
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:41
Updated-03 Aug, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AJAX Thumbnail Rebuild plugin <= 1.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.

Action-Not Available
Vendor-junkcoder, ristoniinemets
Product-AJAX Thumbnail Rebuild
CWE ID-CWE-862
Missing Authorization
CVE-2022-4814
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-28 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-284
Improper Access Control
CVE-2022-4810
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-28 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-284
Improper Access Control
CVE-2024-28969
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-1.17% / 77.83%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 15:05
Updated-06 Aug, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway-ApplicationSecure Connect Gateway-Appliancesecure_connect_gateway_applicationsecure_connect_gateway_appliance
CWE ID-CWE-284
Improper Access Control
CVE-2022-46158
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.44%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 21:50
Updated-23 Apr, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Information exposure in the upload directory in PrestaShop

PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.

Action-Not Available
Vendor-PrestaShop S.A
Product-prestashopPrestaShop
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 26
  • 27
  • Next
Details not found