| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.8. |
| Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2. |
| Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic: from n/a through 1.9. |
| The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. |
| Missing Authorization vulnerability in Spider Themes Spider Elements – Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spider Elements – Addons for Elementor: from n/a through 1.6.2. |
| Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1. |
| Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2. |
| Missing Authorization vulnerability in Hive Support Hive Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through 1.2.2. |
| Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Registration and Invitation Codes: from n/a through 2.5.2. |
| Missing Authorization vulnerability in Detheme DethemeKit For Elementor. This issue affects DethemeKit For Elementor: from n/a through 2.1.10. |
| Missing Authorization vulnerability in NotFound AnyTrack Affiliate Link Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through 1.0.4. |
| Missing Authorization vulnerability in Wpmet Elements kit Elementor addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elements kit Elementor addons: from n/a through 3.1.4. |
| Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1. |
| Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13. |
| Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5. |
| BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527. |
| Missing Authorization vulnerability in Dimitri Grassi Salon booking system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon booking system: from n/a through 10.10.7. |
| The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. |
| The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. |
| OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id. |
