CWE-862: Missing Authorization

A permission control vulnerability in Huawei's App Multiplier module allows unauthorized access to sensitive functionality. This affects Huawei device...

The TOTOLINK EX200 V4.0.3c.7646_B20201211 wireless range extender lacks any authentication mechanism by default, allowing unauthenticated attackers to...

CVE-2025-65036 is a critical vulnerability in XWiki Remote Macros that allows unauthenticated attackers to execute arbitrary code via Velocity templat...

This CVE describes a Missing Authorization vulnerability in the FS Poster WordPress plugin that allows unauthorized users to perform actions intended ...

This CVE describes a Missing Authorization vulnerability in the PrivateContent WordPress plugin that allows attackers to bypass access controls. Attac...

This CVE describes a Missing Authorization vulnerability in the JupiterX Core WordPress plugin that allows attackers to exploit incorrectly configured...

This CVE describes a WordPress plugin vulnerability where attackers can bypass authorization controls to access administrative functions and inject ma...

This CVE describes a Missing Authorization vulnerability in the Essential Grid WordPress plugin by ThemePunch OHG. It allows authenticated users to pe...

CVE-2023-25799 is a missing authorization vulnerability in the Tutor LMS WordPress plugin that allows unauthorized users to access student data and pe...

This CVE describes a Missing Authorization vulnerability in the AA-Team WZone WordPress plugin, allowing unauthorized users to perform actions intende...

This CVE describes a Missing Authorization vulnerability in the Unlimited Elements For Elementor WordPress plugin. It allows attackers to perform unau...

The CMP Coming Soon & Maintenance plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to read posts, ...

This CVE describes a missing authorization vulnerability in the WordPress User Registration plugin that allows attackers to bypass access controls. It...

The iPaymu Payment Gateway for WooCommerce WordPress plugin has a missing authentication vulnerability that allows unauthenticated attackers to mark o...

An unauthenticated Broken Function Level Authorization vulnerability in Newgen OmniDocs v11.0 allows attackers to bypass authentication and access pri...

This vulnerability allows attackers to bypass authorization controls in the WP Messiah Ai Image Alt Text Generator WordPress plugin, enabling unauthor...

This CVE describes a Missing Authorization vulnerability in WPGuppy Lite WordPress plugin that allows attackers to access functionality not properly c...

The Cloud SAML SSO WordPress plugin has a missing capability check that allows unauthenticated attackers to modify organization settings via POST requ...

This vulnerability allows attackers to bypass authorization controls in the Abandoned Contact Form 7 WordPress plugin, potentially accessing sensitive...

This CVE describes a Missing Authorization vulnerability in the Chimpstudio JobHunt Job Alerts WordPress plugin that allows attackers to delete arbitr...

This vulnerability allows attackers to delete arbitrary WordPress options without proper authorization in the Grand Restaurant WordPress theme. Any Wo...

This CVE describes a Missing Authorization vulnerability in the Add Product Frontend for WooCommerce WordPress plugin that allows attackers to delete ...

This CVE describes a Missing Authorization vulnerability in Drupal AI that allows attackers to access restricted functionality through forceful browsi...

This CVE describes a Missing Authorization vulnerability in the Shinetheme Traveler WordPress theme that allows unauthorized users to perform actions ...

This CVE describes a missing authorization vulnerability in the BookPress WordPress plugin that allows attackers to bypass access controls. Attackers ...

This vulnerability allows unauthorized attackers to elevate privileges in Microsoft Account systems over a network. Attackers can gain higher-level ac...

This CVE describes a missing authorization vulnerability in the Realty Workstation WordPress plugin that allows attackers to access functionality not ...

This vulnerability allows attackers to bypass authorization controls in MultiVendorX WC Marketplace WordPress plugin, potentially accessing or modifyi...

This CVE describes a missing authorization vulnerability in the Flexible Woocommerce Checkout Field Editor WordPress plugin that allows attackers to b...

This CVE describes a Missing Authorization vulnerability in the Stripe Payments WordPress plugin that allows attackers to bypass access controls. It a...

This vulnerability allows attackers with access to a victim's Personal Access Token (PAT) to escalate privileges in GitLab instances. It affects all G...

This vulnerability allows unauthenticated attackers to access functionality that should be restricted by proper authorization controls in the Woffice ...

CVE-2024-37106 is a missing authorization vulnerability in the WishList Member X WordPress plugin that allows unauthenticated attackers to change plug...

This CVE describes a missing authorization vulnerability in the MasterStudy LMS WordPress plugin that allows attackers to bypass access controls and p...

This CVE describes an authorization bypass vulnerability in Mastodon where attackers can craft specific activities to extend the audience of posts the...

This CVE describes a Missing Authorization vulnerability in the Betheme WordPress theme that allows unauthorized users to perform actions intended onl...

This vulnerability allows unauthenticated attackers to bypass authorization controls in the Paid Memberships Pro CCBill Gateway WordPress plugin. Atta...

This CVE describes a Missing Authorization vulnerability in the EventPrime WordPress plugin that allows attackers to manipulate booking prices without...

This CVE describes a Missing Authorization vulnerability in the Olive One Click Demo Import WordPress plugin. It allows unauthenticated attackers to i...

This vulnerability in Spring Security allows broken access control when applications directly use AuthenticatedVoter#vote with a null Authentication p...

This vulnerability allows unauthenticated attackers to modify content on WordPress sites using the SeedProd Website Builder plugin. Attackers can chan...

CVE-2023-1261 is a missing MAC layer security vulnerability in Silicon Labs Wi-SUN SDK that allows malicious nodes to route unauthorized messages thro...

This vulnerability in the WordPress Restrict Content plugin allows unauthenticated attackers to register with any membership level, including inactive...

This CVE describes a Missing Authorization vulnerability in the Tablesome WordPress plugin that allows attackers to bypass access controls and perform...

This CVE describes a missing authorization vulnerability in the WP Recipe Maker WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a missing authorization vulnerability in the WordPress User Registration plugin that allows attackers to exploit incorrectly config...

Fleet device management software versions before 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 have broken access control that allows any authenticated u...

This vulnerability allows attackers to bypass authorization controls in ManageEngine's privileged access management products when initiating remote se...

This vulnerability allows backend users with access to the recycler module to delete arbitrary data from any database table defined in TYPO3's TCA, re...

This CVE describes a Missing Authorization Check vulnerability in SAP ABAP systems that allows authenticated attackers to misuse RFC functions to exec...