CWE-862: Missing Authorization

CVE-2026-0490 is an authentication bypass vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to send crafted netwo...

This vulnerability in Hollo microblogging software exposes private direct messages and followers-only posts through the ActivityPub outbox endpoint wi...

The SEO Flow by LupsOnline WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to create, modify, and del...

This vulnerability in the Frontend File Manager WordPress plugin allows unauthenticated attackers to share any uploaded file via email by exploiting a...

This CVE describes a missing authorization vulnerability in the WPXPO PostX ultimate-post WordPress plugin that allows attackers to bypass access cont...

This CVE describes a missing authorization vulnerability in the Scalenut WordPress plugin that allows attackers to bypass access controls. It affects ...

The Reviewify WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level access or higher to create ar...

This vulnerability in the Latest Registered Users WordPress plugin allows unauthenticated attackers to export complete user data (excluding passwords)...

The User Activity Log WordPress plugin up to version 2.2 contains an unauthenticated vulnerability that allows attackers to modify critical WordPress ...

This CVE describes a missing authorization vulnerability in CubeWP WordPress plugin that allows attackers to access functionality not properly restric...

This CVE describes a Missing Authorization vulnerability in the claspo Popup Builder WordPress plugin that allows attackers to bypass access controls....

CVE-2024-24844 is a missing authorization vulnerability in PowerPack Pro for Elementor WordPress plugin that allows unauthenticated attackers to reset...

This vulnerability allows unauthenticated attackers to access sensitive user metadata including password hashes via a REST API endpoint in the PostX W...

This CVE describes a Missing Authorization vulnerability in the Ays Pro Easy Form WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a missing authorization vulnerability in the LearnPress WordPress plugin that allows attackers to bypass access controls and perfor...

This CVE describes a missing authorization vulnerability in the wpForo Forum WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in PropertyHive WordPress plugin that allows attackers to bypass access controls. It affects ...

This CVE describes a Missing Authorization vulnerability in the ListingPro WordPress theme that allows attackers to bypass access controls. It affects...

This CVE describes a Missing Authorization vulnerability in the Arraytics Timetics WordPress plugin that allows attackers to bypass access controls. I...

This CVE describes a Missing Authorization vulnerability in the GetResponse Email Marketing WordPress plugin that allows attackers to exploit incorrec...

This CVE describes a Missing Authorization vulnerability in the FantasticPlugins WooCommerce Recover Abandoned Cart plugin that allows attackers to de...

This CVE describes a missing authorization vulnerability in the Masterstudy WordPress theme that allows attackers to access functionality not properly...

This CVE describes a missing authorization vulnerability in the MasterStudy LMS Pro WordPress plugin that allows attackers to access functionality not...

This CVE describes a Missing Authorization vulnerability in the WP Voting Contest WordPress plugin that allows attackers to exploit incorrectly config...

This CVE describes a missing authorization vulnerability in the YayPricing WordPress plugin that allows attackers to access functionality not properly...

This CVE describes a Missing Authorization vulnerability in the ThemeAtelier IDonatePro WordPress plugin that allows attackers to access functionality...

This CVE describes a Missing Authorization vulnerability in the Javo Core WordPress plugin that allows attackers to delete arbitrary content without p...

This CVE describes a missing authorization vulnerability in Synology BeeDrive desktop software that allows remote attackers to delete arbitrary files ...

Ruoyi v4.8.0 has an incorrect access control vulnerability where the authRole method in SysUserController.java lacks a checkUserDataScope permission c...

Ruoyi v4.8.0 has an incorrect access control vulnerability in the resetPwd method that allows unauthorized password resets. Attackers can reset passwo...

This vulnerability allows unauthenticated attackers to forge PayPal payment notifications in the CP Contact Form with PayPal WordPress plugin, marking...

The Live Sales Notification for WooCommerce WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to access...

Apache OpenOffice versions through 4.1.15 have a missing authorization vulnerability that allows attackers to craft documents that automatically load ...

Apache OpenOffice versions through 4.1.15 have a missing authorization vulnerability where specially crafted Calc spreadsheets containing DDE links ca...

Apache OpenOffice versions through 4.1.15 contain a missing authorization vulnerability where documents with floating frames linked to external files ...

The Bookit WordPress plugin has a missing capability check on its Stripe return endpoint, allowing unauthenticated attackers to connect their own Stri...

This CVE describes a Missing Authorization vulnerability in the Miraculous WordPress theme that allows attackers to delete arbitrary content without p...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential information by manipulating POST param...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' information by manipulating the 'web' parameter in ...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' information by manipulating the 'web' parameter in ...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' information by manipulating POST parameters. Attack...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential information by manipulating the 'id_so...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential reports by manipulating the 'id_denunc...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential documents by manipulating POST paramet...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential information by manipulating the 'id_de...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential information by manipulating the 'web' ...

This vulnerability allows unauthenticated attackers to bypass payment verification in WooCommerce stores using the Crypto Payment Gateway with Payeer ...

This CVE describes a missing authorization vulnerability in BuddyPress that allows unauthorized users to perform actions they shouldn't have access to...

This CVE describes a missing authorization vulnerability in the DELUCKS SEO WordPress plugin that allows attackers to access functionality not properl...

This CVE describes a missing authorization vulnerability in the Tablesome Table Premium WordPress plugin that allows attackers to access functionality...