Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4948 | 1 Flying-press | 1 Flyingpress | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker ...
Show More |
|||||
| CVE-2022-4943 | 1 Miniorange | 1 Google Authenticator | 2024-11-21 | N/A | 7.5 HIGH |
|
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.
|
|||||
| CVE-2022-4937 | 1 Wclovers | 1 Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible | 2024-11-21 | N/A | 6.3 MEDIUM |
|
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoi ...
Show More |
|||||
| CVE-2022-4935 | 1 Wclovers | 1 Wcfm Marketplace | 2024-11-21 | N/A | 8.8 HIGH |
|
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX a ...
Show More |
|||||
| CVE-2022-4366 | 1 Daloradius | 1 Daloradius | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.
|
|||||
| CVE-2022-4169 | 1 Theme And Plugin Translation For Polylang Project | 1 Theme And Plugin Translation For Polylang | 2024-11-21 | N/A | 6.5 MEDIUM |
|
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.
|
|||||
| CVE-2022-48491 | 1 Huawei | 1 Emui | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
|
|||||
| CVE-2022-48452 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
|
|||||
| CVE-2022-48318 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.3 MEDIUM |
|
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
|
|||||
| CVE-2022-47604 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.
|
|||||
| CVE-2022-47484 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
|
|||||
| CVE-2022-47473 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
|
|||||
| CVE-2022-47472 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
|
|||||
| CVE-2022-47462 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
|
|||||
| CVE-2022-47461 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
|
|||||
| CVE-2022-46850 | 1 Easy Media Replace Project | 1 Easy Media Replace | 2024-11-21 | N/A | 8.7 HIGH |
|
Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.
|
|||||
| CVE-2022-46158 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 5.3 MEDIUM |
|
PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.
|
|||||
| CVE-2022-45851 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.
|
|||||
| CVE-2022-45832 | 1 Hennessey | 1 Attorney | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3.
|
|||||
| CVE-2022-45803 | 1 Gutenbergforms | 1 Gutenberg Forms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3.
|
|||||
| CVE-2022-45070 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.
|
|||||
| CVE-2022-44633 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.
|
|||||
| CVE-2022-44435 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-43712 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | N/A | 6.5 MEDIUM |
|
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.
|
|||||
| CVE-2022-43581 | 1 Ibm | 1 Content Navigator | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
|
|||||
| CVE-2022-43482 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
|
|||||
| CVE-2022-43453 | 1 Billminozzi | 1 Wp Tools | 2024-11-21 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through 3.41.
|
|||||
| CVE-2022-42909 | 1 Wepanow | 1 Print Away | 2024-11-21 | N/A | 6.5 MEDIUM |
|
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.
|
|||||
| CVE-2022-42884 | 1 Themeinprogress | 1 Wip Custom Login | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.
|
|||||
| CVE-2022-42488 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.4 HIGH |
|
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
|
|||||
| CVE-2022-41937 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, setting the right of the page Filter.WebHome and making sure only the main wiki administrators can view the application installed on main wiki or edit the page and apply the changed described in comm ...
Show More |
|||||
| CVE-2022-41930 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 7.5 HIGH |
|
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileShe ...
Show More |
|||||
| CVE-2022-41929 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.9 MEDIUM |
|
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
|
|||||
| CVE-2022-41790 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76.
|
|||||
| CVE-2022-41786 | 1 Wpjobportal | 1 Wp Job Portal | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.
|
|||||
| CVE-2022-41698 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.
|
|||||
| CVE-2022-41695 | 1 Sedlex | 1 Traffic Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5.
|
|||||
| CVE-2022-41692 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
|
|||||
| CVE-2022-41619 | 1 Sedlex | 1 Image Zoom | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8.
|
|||||
| CVE-2022-41272 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A | 9.9 CRITICAL |
|
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the ...
Show More |
|||||