Filtered by CWE-862
Total 3276 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37468 1 Blazethemes 1 Newsmatic 2024-11-01 5.3 Medium
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1.
CVE-2022-20736 1 Cisco 1 Appdynamics Controller 2024-11-01 5.3 Medium
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability.
CVE-2024-9361 1 Giuliopanda 1 Bulk Images Optimizer 2024-11-01 4.3 Medium
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.
CVE-2024-33941 1 Ipanorama 360 Wordpress Virtual Tour Builder Project 1 Ipanorama 360 Wordpress Virtual Tour Builder 2024-11-01 5.3 Medium
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.
CVE-2024-33547 1 Aa-team 1 Wzone 2024-11-01 8.3 High
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.
CVE-2023-52177 1 Softlabdb 1 Integrate Google Drive 2024-11-01 5.4 Medium
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.
CVE-2024-33555 1 8theme 1 Xstore Core 2024-11-01 8.1 High
Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-33561 1 8theme 1 Xstore 2024-11-01 7.5 High
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2024-33563 1 8theme 1 Xstore 2024-11-01 7.6 High
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2024-33564 1 8theme 1 Xstore 2024-11-01 8.8 High
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2024-33545 1 Aa-team 1 Wzone 2024-11-01 5.3 Medium
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.
CVE-2024-33543 1 Codepeople 1 Wp Time Slots Booking Form 2024-11-01 7.5 High
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06.
CVE-2024-31274 1 Wpdeveloper 1 Embedpress 2024-11-01 5.3 Medium
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11.
CVE-2024-31273 1 Wiselyhub 1 Js Help Desk 2024-11-01 5.3 Medium
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3.
CVE-2024-31267 1 Wpdesk 1 Flexible Checkout Fields 2024-11-01 4.3 Medium
Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2.
CVE-2024-5770 1 Webfactoryltd 1 Wp Force Ssl 2024-11-01 4.2 Medium
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings.
CVE-2024-5654 1 Gsheetconnector 1 Cf7 Google Sheets Connector 2024-11-01 6.5 Medium
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.
CVE-2024-50423 2024-11-01 5.4 Medium
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.
CVE-2024-50428 2024-11-01 4.3 Medium
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21.
CVE-2024-50422 1 Cloudways 1 Breeze 2024-11-01 5.3 Medium
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14.