CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 4798 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-37470	1 Wofficeio	1 Woffice Core	2024-11-01	8.2 High
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8.
CVE-2024-37468	1 Blazethemes	1 Newsmatic	2024-11-01	5.3 Medium
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1.
CVE-2024-37456	1 Noptin	1 Noptin	2024-11-01	5.3 Medium
Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2.
CVE-2024-37444	1 Wpmudev	1 Defender Security	2024-11-01	5.3 Medium
Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1.
CVE-2024-37443			2024-11-01	4.3 Medium
Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.
CVE-2024-37440			2024-11-01	4.3 Medium
Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.
CVE-2024-38740			2024-11-01	5.4 Medium
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
CVE-2024-37439	1 Uncannyowl	1 Uncanny Toolkit Pro For Learndash	2024-11-01	5.4 Medium
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0
CVE-2024-37427	1 Arraytics	1 Timetics	2024-11-01	5.3 Medium
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.
CVE-2024-37425			2024-11-01	5.4 Medium
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
CVE-2024-9361	1 Giuliopanda	1 Bulk Images Optimizer	2024-11-01	4.3 Medium
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.
CVE-2024-50421	1 Wpovernight	1 Woocommerce Pdf Invoices\& Packing Slips	2024-11-01	5.3 Medium
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6.
CVE-2024-50454	1 Seopress	1 Seopress	2024-11-01	5.3 Medium
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.
CVE-2024-50424			2024-11-01	6.5 Medium
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.
CVE-2024-50428			2024-11-01	4.3 Medium
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21.
CVE-2024-50423			2024-11-01	5.4 Medium
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.
CVE-2024-50422	1 Cloudways	1 Breeze	2024-11-01	5.3 Medium
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14.
CVE-2024-10399			2024-11-01	4.3 Medium
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users.
CVE-2024-44156	1 Apple	1 Macos	2024-11-01	7.1 High
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.
CVE-2024-42934	1 Redhat	2 Enterprise Linux, Rhel Eus	2024-10-31	5 Medium
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.

« first previous Page 231 of 240. next last »