Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-8796

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-10 Aug, 2025 | 06:02
Updated At-13 Aug, 2025 | 14:38
Rejected At-
Credits

LitmusChaos Litmus Delete Request delete_project authorization

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:10 Aug, 2025 | 06:02
Updated At:13 Aug, 2025 | 14:38
Rejected At:
▼CVE Numbering Authority (CNA)
LitmusChaos Litmus Delete Request delete_project authorization

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
LitmusChaos
Product
Litmus
Modules
  • Delete Request Handler
Versions
Affected
  • 3.0
  • 3.1
  • 3.2
  • 3.3
  • 3.4
  • 3.5
  • 3.6
  • 3.7
  • 3.8
  • 3.9
  • 3.10
  • 3.11
  • 3.12
  • 3.13
  • 3.14
  • 3.15
  • 3.16
  • 3.17
  • 3.18
  • 3.19.0
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
CWECWE-863Incorrect Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Type: CWE
CWE ID: CWE-863
Description: Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
3.05.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
2.05.5N/A
AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
Version: 3.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
Version: 2.0
Base score: 5.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
maique (VulDB User)
Timeline
EventDate
Advisory disclosed2025-08-09 00:00:00
VulDB entry created2025-08-09 02:00:00
VulDB entry last update2025-08-09 07:39:32
Event: Advisory disclosed
Date: 2025-08-09 00:00:00
Event: VulDB entry created
Date: 2025-08-09 02:00:00
Event: VulDB entry last update
Date: 2025-08-09 07:39:32
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.319324
vdb-entry
technical-description
https://vuldb.com/?ctiid.319324
signature
permissions-required
https://vuldb.com/?submit.625989
third-party-advisory
https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.md
exploit
Hyperlink: https://vuldb.com/?id.319324
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.319324
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.625989
Resource:
third-party-advisory
Hyperlink: https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.md
Resource:
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.md
exploit
https://vuldb.com/?submit.625989
exploit
Hyperlink: https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.md
Resource:
exploit
Hyperlink: https://vuldb.com/?submit.625989
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:10 Aug, 2025 | 06:15
Updated At:13 Aug, 2025 | 15:15

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Secondary2.05.5MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 5.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Secondarycna@vuldb.com
CWE-863Secondarycna@vuldb.com
CWE ID: CWE-862
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-863
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.mdcna@vuldb.com
N/A
https://vuldb.com/?ctiid.319324cna@vuldb.com
N/A
https://vuldb.com/?id.319324cna@vuldb.com
N/A
https://vuldb.com/?submit.625989cna@vuldb.com
N/A
https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.md134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
https://vuldb.com/?submit.625989134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.md
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.319324
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.319324
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.625989
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/MaiqueSilva/VulnDB/blob/main/readme06.md
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Hyperlink: https://vuldb.com/?submit.625989
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

315Records found
CVE-2024-9629
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.48%
||
7 Day CHG+0.02%
Published-28 Oct, 2024 | 17:31
Updated-29 Oct, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse

The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to approve, pause and refuse subscriptions.

Action-Not Available
Vendor-hokku
Product-Contact Form 7 + Telegram
CWE ID-CWE-862
Missing Authorization
CVE-2023-3053
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-02 Jun, 2023 | 23:37
Updated-20 Dec, 2024 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.

Action-Not Available
Vendor-azexoazexo
Product-page_builder_with_image_map_by_azexoPage Builder with Image Map by AZEXO
CWE ID-CWE-862
Missing Authorization
CVE-2023-29433
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.81%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress tencentcloud-cos plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in 腾讯云 tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects tencentcloud-cos: from n/a through 1.0.7.

Action-Not Available
Vendor-腾讯云
Product-tencentcloud-cos
CWE ID-CWE-862
Missing Authorization
CVE-2024-9825
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 18:42
Updated-29 Oct, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package  with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion of personal token.  Habitat builder consumes builder-api habitat package as a dependency and the vulnerability was specifically due to builder-api habitat package. The fix was made available in habitat/builder-api/10315/20240913162802 and all the subsequent versions after that. We would recommend user to always use on-prem stable channel.

Action-Not Available
Vendor-Progress Software Corporation
Product-Chef Habitat Builder
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-9584
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 17:32
Updated-05 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete

The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects.

Action-Not Available
Vendor-webcraftpluginsimagemappro
Product-image_map_proImage Map Pro – Drag-and-drop Builder for Interactive Images
CWE ID-CWE-862
Missing Authorization
CVE-2024-9587
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.51%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 05:33
Updated-29 Jan, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings.

Action-Not Available
Vendor-linkz.aivittor1o
Product-linkz.aiLinkz.ai – Automatic link previews on hover
CWE ID-CWE-862
Missing Authorization
CVE-2023-29239
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.64%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1.

Action-Not Available
Vendor-LuckyWP
Product-LuckyWP Scripts Control
CWE ID-CWE-862
Missing Authorization
CVE-2023-27454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.85%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rife Elementor Extensions & Templates plugin <= 1.1.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rife Elementor Extensions & Templates: from n/a through 1.1.10.

Action-Not Available
Vendor-Apollo13Themes
Product-Rife Elementor Extensions & Templates
CWE ID-CWE-862
Missing Authorization
CVE-2023-27607
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.72%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:15
Updated-02 Aug, 2024 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.

Action-Not Available
Vendor-WP Swings
Product-Points and Rewards for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-9520
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 02:06
Updated-15 Oct, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UserPlus <= 2.0 - Missing Authorization via Multiple Functions

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options.

Action-Not Available
Vendor-wpuserplususerplus
Product-userplusUser registration & user profile – UserPlus
CWE ID-CWE-862
Missing Authorization
CVE-2024-8121
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 06:49
Updated-06 Sep, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.

Action-Not Available
Vendor-wpextendedwpextended
Product-wp_extendedThe Ultimate WordPress Toolkit – WP Extended
CWE ID-CWE-862
Missing Authorization
CVE-2024-6754
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 25.55%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 02:33
Updated-03 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post metadata.

Action-Not Available
Vendor-WPWeb Elite
Product-social_auto_posterSocial Auto Poster
CWE ID-CWE-862
Missing Authorization
CVE-2024-55992
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.97%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through 1.4.4.

Action-Not Available
Vendor-Open Tools
Product-WooCommerce Basic Ordernumbers
CWE ID-CWE-862
Missing Authorization
CVE-2024-55998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.97%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability

Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36.

Action-Not Available
Vendor-dusthazard
Product-Popup Surveys & Polls for WordPress (Mare.io)
CWE ID-CWE-862
Missing Authorization
CVE-2024-56004
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.97%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Site Importer plugin <= 1.0.1 - Settings Change vulnerability

Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through 1.0.1.

Action-Not Available
Vendor-Alex W Fowler
Product-Easy Site Importer
CWE ID-CWE-862
Missing Authorization
CVE-2022-45811
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:08
Updated-03 Jan, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.

Action-Not Available
Vendor-WeyHan Ng
Product-Post Teaser
CWE ID-CWE-862
Missing Authorization
CVE-2024-54311
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.00%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through 7.5.1.

Action-Not Available
Vendor-i.lychkov
Product-Mark New Posts
CWE ID-CWE-862
Missing Authorization
CVE-2024-55876
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.62%
||
7 Day CHG+0.01%
Published-12 Dec, 2024 | 18:59
Updated-30 Apr, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-53806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.00%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 13:06
Updated-06 Dec, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerability

Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7.

Action-Not Available
Vendor-WpMaspik
Product-Maspik – Spam blacklist
CWE ID-CWE-862
Missing Authorization
CVE-2022-45351
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:19
Updated-31 Jan, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

Action-Not Available
Vendor-Muffin Group
Product-bethemeBetheme
CWE ID-CWE-862
Missing Authorization
CVE-2024-52518
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 14.61%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:46
Updated-23 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Server is missing password confirmation when changing external storage options

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisories
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-52312
Matching Score-4
Assigner-Amazon
ShareView Details
Matching Score-4
Assigner-Amazon
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.46%
||
7 Day CHG+0.01%
Published-09 Nov, 2024 | 00:43
Updated-12 Nov, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
data.all authenticated users can perform restricted operations against DataSets and Environments

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments.

Action-Not Available
Vendor-amazon
Product-data.all
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-51817
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:30
Updated-20 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Combo WP Rewrite Slugs plugin <= 1.0 - Settings Change vulnerability

Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through 1.0.

Action-Not Available
Vendor-CodeZel
Product-Combo WP Rewrite Slugs
CWE ID-CWE-862
Missing Authorization
CVE-2022-45356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.65%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:23
Updated-31 Jan, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

Action-Not Available
Vendor-Muffin Group
Product-bethemeBetheme
CWE ID-CWE-862
Missing Authorization
CVE-2024-5087
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG+0.06%
Published-08 Jun, 2024 | 05:44
Updated-31 Oct, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin.

Action-Not Available
Vendor-webfactoryltdwebfactory
Product-minimal_coming_soon_\&_maintenance_modeMinimal Coming Soon – Coming Soon Page
CWE ID-CWE-862
Missing Authorization
CVE-2024-50423
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG+0.02%
Published-29 Oct, 2024 | 21:26
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.

Action-Not Available
Vendor-Templately
Product-Templately
CWE ID-CWE-862
Missing Authorization
CVE-2022-45851
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:30
Updated-03 Aug, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.

Action-Not Available
Vendor-ShareThis
Product-ShareThis Dashboard for Google Analytics
CWE ID-CWE-862
Missing Authorization
CVE-2024-49689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:30
Updated-20 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through 0.5.

Action-Not Available
Vendor-Harmonic Design
Product-HD Quiz – Save Results Light
CWE ID-CWE-862
Missing Authorization
CVE-2024-49686
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 13:57
Updated-31 Dec, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4.

Action-Not Available
Vendor-Fatcat Apps
Product-Landing Page Cat
CWE ID-CWE-862
Missing Authorization
CVE-2024-48044
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.99%
||
7 Day CHG+0.04%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.

Action-Not Available
Vendor-shortpixelShortPixel – Convert WebP/AVIF & Optimize Images
Product-image_optimizerShortPixel Image Optimizer
CWE ID-CWE-862
Missing Authorization
CVE-2022-45352
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.30%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:21
Updated-31 Jan, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

Action-Not Available
Vendor-Muffin Group
Product-bethemeBetheme
CWE ID-CWE-862
Missing Authorization
CVE-2024-45128
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.44%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 09:58
Updated-14 Oct, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommercecommerce_b2bAdobe Commerce
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-43962
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.99%
||
7 Day CHG+0.04%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4.

Action-Not Available
Vendor-lwsLWS
Product-affiliationLWS Affiliation
CWE ID-CWE-862
Missing Authorization
CVE-2024-42373
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.07%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 04:53
Updated-12 Sep, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization Check in SAP Student Life Cycle Management (SLcM)

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-student_life_cycle_managementSAP Student Life Cycle Management (SLcM)
CWE ID-CWE-862
Missing Authorization
CVE-2024-43273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.

Action-Not Available
Vendor-icegram
Product-Icegram Collect
CWE ID-CWE-862
Missing Authorization
CVE-2022-42884
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.65%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 18:17
Updated-23 May, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WIP Custom Login Plugin <= 1.2.7 is vulnerable to Broken Access Control

Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.

Action-Not Available
Vendor-themeinprogressThemeinProgress
Product-wip_custom_loginWIP Custom Login
CWE ID-CWE-862
Missing Authorization
CVE-2022-41619
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.30%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 17:02
Updated-21 Oct, 2024 | 11:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control

Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8.

Action-Not Available
Vendor-sedlexSedLex
Product-image_zoomImage Zoom
CWE ID-CWE-862
Missing Authorization
CVE-2024-38740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Packlink PRO shipping module plugin <= 3.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.

Action-Not Available
Vendor-Packlink Shipping S.L.
Product-Packlink PRO shipping module
CWE ID-CWE-862
Missing Authorization
CVE-2022-40702
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.30%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:51
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.

Action-Not Available
Vendor-zoremZoremzorem
Product-advanced_local_pickup_for_woocommerceAdvanced Local Pickup for WooCommerceadvanced_local_pickup_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-38733
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.

Action-Not Available
Vendor-Meks
Product-Meks Video Importer
CWE ID-CWE-862
Missing Authorization
CVE-2022-41695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.30%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 17:09
Updated-17 Jun, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5.

Action-Not Available
Vendor-sedlexSedLex
Product-traffic_managerTraffic Manager
CWE ID-CWE-862
Missing Authorization
CVE-2022-40975
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.88%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 13:36
Updated-03 Aug, 2024 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7.

Action-Not Available
Vendor-Aazztech
Product-Post Slider
CWE ID-CWE-862
Missing Authorization
CVE-2022-41786
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.54%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 17:14
Updated-13 Nov, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control

Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal – A Complete Job Board
CWE ID-CWE-862
Missing Authorization
CVE-2024-37207
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.

Action-Not Available
Vendor-Theme4Press
Product-Demo Awesome
CWE ID-CWE-862
Missing Authorization
CVE-2024-37542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.77%
||
7 Day CHG~0.00%
Published-06 Jul, 2024 | 12:40
Updated-20 Aug, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

Action-Not Available
Vendor-WpDevArt
Product-galleryResponsive Image Gallery, Gallery Album
CWE ID-CWE-862
Missing Authorization
CVE-2024-3627
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.70%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 02:08
Updated-01 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.

Action-Not Available
Vendor-kraftpluginskraftplugins
Product-wheel_of_lifeWheel of Life: Coaching and Assessment Tool for Life Coach
CWE ID-CWE-862
Missing Authorization
CVE-2022-40223
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.92%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 18:20
Updated-20 Feb, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

Action-Not Available
Vendor-SearchWP, LLC (SearchWP)
Product-searchwpSearchWP
CWE ID-CWE-862
Missing Authorization
CVE-2024-35663
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:17
Updated-09 Aug, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0.

Action-Not Available
Vendor-HahnCreativeGroup
Product-WP Translate
CWE ID-CWE-862
Missing Authorization
CVE-2024-34815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.48%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:18
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.5.

Action-Not Available
Vendor-Codectionwebtoffee
Product-Import and export users and customersimport_and_export_users_and_customers
CWE ID-CWE-862
Missing Authorization
CVE-2024-34804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 35.52%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:23
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.

Action-Not Available
Vendor-Tagembed
Product-Tagembed
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found