Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVEs (3,037)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24757 1Stylishpricelist 1Stylish Price List Nov 21, 2024 Nov 1, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated...Show more The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.Show less
CVE-2021-24742 1Radiustheme 1Logo Slider And Showcase Nov 21, 2024 Nov 1, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.
CVE-2021-24717 1Automatorwp 1Automatorwp Nov 21, 2024 Nov 1, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perfo...Show more The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions.Show less
CVE-2021-41189 1Duraspace 1Dspace Nov 21, 2024 Oct 29, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 an...Show more DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.Show less
CVE-2021-39321 1Heateor 1Sassy Social Share Nov 21, 2024 Oct 21, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the imp...Show more Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.Show less
CVE-2021-38345 1Brizy 1Brizy Page Builder Nov 21, 2024 Oct 14, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or p...Show more The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.Show less
CVE-2021-20803 1Cybozu 1Remote Service Manager Nov 21, 2024 Oct 13, 2021 N/A· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.
CVE-2021-40456 1Microsoft 3Windows Server Windows Server 2019Windows Server 2022 Nov 21, 2024 Oct 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Windows AD FS Security Feature Bypass Vulnerability
CVE-2021-42137 1Zammad 1Zammad Nov 21, 2024 Oct 11, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
CVE-2021-28661 1Silverstripe 1Silverstripe Nov 21, 2024 Oct 7, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.
CVE-2021-22262 1Gitlab 1Gitlab Nov 21, 2024 Oct 5, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows...Show more Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration pageShow less
CVE-2021-41093 1Wire 1Wire Nov 21, 2024 Oct 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which...Show more Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together.Show less
CVE-2021-22535 1Microfocus 1Netiq Directory And Resource Administrator Nov 21, 2024 Sep 28, 2021 N/A· v4 4.9 MEDIUM· v3 2.7 LOW· v2 Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized...Show more Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.Show less
CVE-2021-24652 1Wpxpo 1Postx Gutenberg Blocks For Post Grid Nov 21, 2024 Sep 27, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_...Show more The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.Show less
CVE-2021-40655 1Dlink 1Dir 605l Firmware Nov 10, 2025 Sep 24, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page
CVE-2021-40654 1Dlink 1Dir 615 Firmware Nov 21, 2024 Sep 24, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page
CVE-2021-36749 1Apache 1Druid Nov 21, 2024 Sep 24, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the loca...Show more In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.Show less
CVE-2021-34648 1Ninjaforms 1Ninja Forms Nov 21, 2024 Sep 22, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows auth...Show more The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.Show less
CVE-2021-34647 1Ninjaforms 1Ninja Forms Nov 21, 2024 Sep 22, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This...Show more The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.Show less
CVE-2020-19551 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 21, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.

Previous 1...116117118...152 Next