Medium
CVE-2024-33593
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91.
Tag: Security Misconfiguration
All CVEs associated with "Security Misconfiguration". Page 36/50 • 5958 CVEs.
Subscribe CVEs: RSS for “Security Misconfiguration” · RSS (High+Critical only)
About “Security Misconfiguration”
A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-04-29
High
CVE-2024-33591
Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through 4.9.10.
Medium
CVE-2024-33684
Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0.
Medium
CVE-2024-33636
Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1.
High
CVE-2024-33635
Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
High
CVE-2024-33597
Missing Authorization vulnerability in ProFaceOff SSU.This issue affects SSU: from n/a through 1.5.0.
Medium
CVE-2024-33596
Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16.
Medium
CVE-2024-33558
Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5.
Medium
CVE-2024-33652
Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1.
Critical
CVE-2024-33566
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.
Medium
CVE-2024-33686
Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Ve…
2024-04-27
Medium
CVE-2024-2838
The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7…
2024-04-26
Medium
CVE-2022-40975
Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7.
Medium
CVE-2024-32822
Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4.
Medium
CVE-2024-32957
Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38.
Medium
CVE-2024-32829
Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31.
Medium
CVE-2024-32828
Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15.
Medium
CVE-2024-32826
Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.
High
CVE-2024-33673
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.
2024-04-25
Medium
CVE-2023-52220
Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0.
2024-04-24
Medium
CVE-2024-32678
Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5.
Medium
CVE-2024-32677
Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.
Medium
CVE-2024-32675
Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.
Medium
CVE-2024-32432
Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1.
Medium
CVE-2023-32127
Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6.
Medium
CVE-2023-25785
Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.
Low
CVE-2023-23985
Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.
Medium
CVE-2024-32951
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.
Critical
CVE-2024-32948
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.
2024-04-23
Medium
CVE-2024-32679
Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.16.
2024-04-22
Medium
CVE-2024-32691
Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2.
Medium
CVE-2024-32688
Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0.
Medium
CVE-2024-32687
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3.
Medium
CVE-2024-32684
Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.
High
CVE-2024-32682
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.
Medium
CVE-2024-32681
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.
2024-04-18
Medium
CVE-2024-32689
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.
Medium
CVE-2024-32601
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8.
Medium
CVE-2024-32142
Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0.
Critical
CVE-2023-49742
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3.
2024-04-17
High
CVE-2023-51500
Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8.
High
CVE-2023-51418
Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.
Medium
CVE-2022-41698
Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.
Medium
CVE-2024-1350
Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.
High
CVE-2023-44227
Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9.
Medium
CVE-2024-32532
Missing Authorization vulnerability in SiteGround Speed Optimizer.This issue affects Speed Optimizer: from n/a through 7.4.6.
Medium
CVE-2024-32525
Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through 7.1.6.
Medium
CVE-2024-32524
Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.
Medium
CVE-2024-32522
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.
Medium
CVE-2024-32520
Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.
Medium
CVE-2024-32519
Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce.This issue affects GG Woo Feed for WooCommerce: from n/a through 1.2.6.
Medium
CVE-2024-32518
Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0.
Medium
CVE-2024-32517
Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter.This issue affects Custom Thank You Page Customize For Woo…
Medium
CVE-2024-32516
Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.
Medium
CVE-2024-32515
Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8.
Medium
CVE-2024-32509
Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.
2024-04-16
Medium
CVE-2024-32455
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2.
High
CVE-2024-25911
Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue affects MoveTo: from n/a through 6.2.
High
CVE-2023-45000
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.
2024-04-15
Medium
CVE-2024-31421
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27.
Medium
CVE-2024-31432
Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8.
High
CVE-2024-32488
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL fi…
2024-04-14
Critical
CVE-2024-3765
A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerabili…
2024-04-12
Medium
CVE-2023-52211
Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.
High
CVE-2023-51515
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.
Medium
CVE-2023-51499
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.
2024-04-11
Medium
CVE-2023-32295
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
Medium
CVE-2023-6257
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticate…
Medium
CVE-2024-27970
Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.
Medium
CVE-2024-25935
Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9.
Medium
CVE-2024-25922
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.
Critical
CVE-2024-25912
Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.
Medium
CVE-2024-25908
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
Medium
CVE-2024-25907
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
Medium
CVE-2024-24883
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10.
Medium
CVE-2024-24850
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.
High
CVE-2023-51672
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.
Medium
CVE-2023-27607
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.
Medium
CVE-2022-47604
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.
Medium
CVE-2022-44633
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.
2024-04-10
Medium
CVE-2024-31242
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.
Medium
CVE-2024-31230
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2.
High
CVE-2024-31343
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.…
Medium
CVE-2024-31342
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3.
High
CVE-2024-2217
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated ve…
High
CVE-2024-31358
Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67.
High
CVE-2024-31297
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
Medium
CVE-2024-0159
Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system.
2024-04-09
Medium
CVE-2023-6965
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2…
Medium
CVE-2024-31368
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
High
CVE-2024-31367
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
High
CVE-2024-31366
Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8.
2024-04-08
Medium
CVE-2024-31375
Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7.
2024-04-05
Medium
CVE-2024-29221
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endp…
Low
CVE-2024-21848
Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from t…
2024-04-04
High
CVE-2024-2759
Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v…
2024-04-03
Low
CVE-2024-3270
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access con…
Medium
CVE-2024-20302
A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected sys…
Medium
CVE-2024-20283
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access c…
2024-04-02
Medium
CVE-2024-20851
Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege.
Medium
CVE-2024-20847
Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.
2024-04-01
Medium
CVE-2024-3165
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admi…
Medium
CVE-2024-31099
Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.
2024-03-29
Medium
CVE-2024-30463
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3.
Medium
CVE-2024-30477
Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.
Medium
CVE-2024-30469
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
Critical
CVE-2024-30247
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user…
Medium
CVE-2024-30508
Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.
Medium
CVE-2024-30505
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.18.
High
CVE-2024-30487
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.…
2024-03-28
Critical
CVE-2024-29241
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information…
Medium
CVE-2024-29240
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-se…
High
CVE-2024-29229
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive inform…
High
CVE-2024-29228
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive informat…
Medium
CVE-2024-28004
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.
Medium
CVE-2024-28003
Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.
Medium
CVE-2024-28016
Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P,…
2024-03-27
High
CVE-2024-25962
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monito…
2024-03-26
Critical
CVE-2024-2921
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific se…
High
CVE-2024-2915
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups vi…