CWE-862: Missing Authorization

CVE-2026-0511 is a missing authorization vulnerability in SAP Fiori App Intercompany Balance Reconciliation that allows authenticated users to escalat...

This CVE describes a Missing Authorization vulnerability in the Traveler WordPress theme that allows attackers to bypass access controls. It affects a...

This CVE describes a Missing Authorization vulnerability in the WP Attractive Donations System WordPress plugin that allows attackers to delete arbitr...

This CVE describes a Missing Authorization vulnerability in the WeDesignTech Portfolio WordPress plugin that allows attackers to bypass access control...

This vulnerability allows attackers to bypass authorization controls in the DesignThemes LMS Addon WordPress plugin, potentially accessing restricted ...

This CVE describes a Missing Authorization vulnerability in the WordPress Editorial Calendar plugin that allows attackers to bypass access controls. A...

This CVE describes a missing authorization vulnerability in the totalsoft TS Poll WordPress plugin (poll-wp) that allows attackers to exploit incorrec...

This CVE describes a Missing Authorization vulnerability in the WP Telegram Widget and Join Link WordPress plugin that allows attackers to bypass acce...

This CVE describes a Missing Authorization vulnerability in the Simple File List WordPress plugin that allows attackers to bypass access controls. It ...

This CVE describes a Missing Authorization vulnerability in the Opinion Stage Poll, Survey & Quiz Maker WordPress plugin that allows attackers to bypa...

This vulnerability allows attackers to bypass authorization controls in the FV Simpler SEO WordPress plugin, potentially accessing administrative func...

This CVE describes a missing authorization vulnerability in YITH Slider for page builders WordPress plugin that allows attackers to bypass access cont...

This CVE describes a missing authorization vulnerability in the Watu Quiz WordPress plugin that allows attackers to bypass access controls. Attackers ...

This CVE describes a missing authorization vulnerability in the Addonify Quick View WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the Tablesome WordPress plugin that allows attackers to bypass access controls. It affects...

This CVE describes a Missing Authorization vulnerability in the Spiffy Calendar WordPress plugin that allows attackers to bypass access controls. It a...

The Beaver Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher t...

The Blaze Demo Importer WordPress plugin allows authenticated attackers with subscriber-level access or higher to reset the database, delete files, an...

This CVE describes a missing authorization vulnerability in the Trinity Audio WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a Missing Authorization vulnerability in VillaTheme's Thank You Page Customizer for WooCommerce plugin. It allows attackers to expl...

Apache OpenOffice Calc has a missing authorization vulnerability that allows attackers to craft documents with external data source links that load wi...

This vulnerability in Nuance PowerScribe allows unauthorized attackers to access sensitive information over the network due to missing authorization c...

The LC Wizard WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to create administrator accounts when PR...

This vulnerability allows attackers to bypass authorization controls in the Advanced Google Maps WordPress plugin, potentially accessing administrativ...

This vulnerability allows attackers to bypass authorization controls in the RealMag777 MDTF WordPress plugin, potentially accessing or modifying restr...

This vulnerability allows attackers to bypass authorization controls in the ilmosys Open Close WooCommerce Store WordPress plugin, enabling unauthoriz...

This CVE describes a missing authorization vulnerability in the Reoon Email Verifier WordPress plugin that allows attackers to bypass access controls....

This CVE describes a Missing Authorization vulnerability in the Conversios.io plugin for WooCommerce that allows attackers to bypass access controls. ...

This vulnerability allows attackers to bypass authorization controls in the SEO Meta Description Updater WordPress plugin, enabling unauthorized acces...

This CVE describes a missing authorization vulnerability in the WordPress Export Categories plugin that allows attackers to access functionality not p...

This CVE describes a Missing Authorization vulnerability in the Smart WeTransfer WordPress plugin that allows attackers to bypass access controls. Att...

This CVE describes a Missing Authorization vulnerability in the ClickSend SMS Contact Form 7 Notifications WordPress plugin that allows attackers to e...

This vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows authenticated attackers with low privileges to remotely ...

A missing authorization vulnerability in Zyxel firewall devices allows semi-authenticated attackers who have completed only the first stage of 2FA to ...

This vulnerability allows attackers to join any Mattermost team without proper authorization by manipulating RelayState parameters. Attackers can bypa...

The Cost Calculator Builder plugin for WordPress has an authorization vulnerability that allows authenticated users with Subscriber-level access or hi...

The Miniorange OTP Verification with Firebase WordPress plugin allows unauthenticated attackers to escalate privileges to Administrator when premium f...

The WP Legal Pages WordPress plugin has a missing capability check that allows authenticated users with Contributor-level access or higher to install ...

This vulnerability in the Malcure Malware Scanner WordPress plugin allows authenticated attackers with Subscriber-level access or higher to delete arb...

CVE-2025-52813 is a missing authorization vulnerability in the pietro MobiLoud WordPress plugin that allows attackers to bypass access controls. This ...

Samsung Galaxy Buds and Galaxy Buds 2 audio devices are vulnerable to unauthorized Bluetooth pairing by default, allowing attackers within Bluetooth r...

This vulnerability in the Projectopia WordPress plugin allows authenticated attackers with Subscriber-level access or higher to delete arbitrary WordP...

The Page View Count WordPress plugin versions 2.8.0 to 2.8.4 contain a missing capability check that allows authenticated users with Subscriber-level ...

The ZoomSounds WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify Wo...

The BWL Advanced FAQ Manager WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or highe...

An improper access control vulnerability in danswer-ai/danswer v0.3.94 allows the first user created in the system to view, modify, and delete chats c...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify critical site options via an AJAX endpoint wi...

This vulnerability in the Flex Mag WordPress theme allows authenticated users with Subscriber-level access or higher to delete arbitrary WordPress opt...

This CVE describes a PHP object injection vulnerability in the Affiliate Links WordPress plugin. Unauthenticated attackers can exploit it via file exp...

This vulnerability allows authenticated low-privileged attackers to delete user accounts in Q-Free MaxTime systems via crafted HTTP requests. It affec...