CWE-862: Missing Authorization

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential documents by manipulating POST paramet...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential information by manipulating the 'id_de...

An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential information by manipulating the 'web' ...

This vulnerability allows unauthenticated attackers to bypass payment verification in WooCommerce stores using the Crypto Payment Gateway with Payeer ...

This CVE describes a missing authorization vulnerability in BuddyPress that allows unauthorized users to perform actions they shouldn't have access to...

This CVE describes a missing authorization vulnerability in the DELUCKS SEO WordPress plugin that allows attackers to access functionality not properl...

This CVE describes a missing authorization vulnerability in the Tablesome Table Premium WordPress plugin that allows attackers to access functionality...

This CVE describes a Missing Authorization vulnerability in the shinetheme Traveler WordPress theme that allows attackers to delete arbitrary content ...

The AL Pack WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to activate premium features by spoofing...

This CVE describes a Missing Authorization vulnerability in the WP Swings Membership For WooCommerce WordPress plugin that allows attackers to access ...

This CVE describes a Missing Authorization vulnerability in the Eventin Pro WordPress plugin (formerly WordPress Event Manager, Event Calendar and Boo...

CVE-2025-31425 is a missing authorization vulnerability in the WP Lead Capturing Pages WordPress plugin that allows attackers to delete arbitrary cont...

This CVE describes a missing authorization vulnerability in the ThemeAtelier IDonatePro WordPress plugin that allows attackers to bypass access contro...

The UiCore Elements WordPress plugin has an arbitrary file read vulnerability that allows unauthenticated attackers to read any file on the server. Th...

This CVE describes a missing authorization vulnerability in Drupal's File Download module that allows forceful browsing (unauthorized file access). At...

This CVE describes a missing authorization vulnerability in the uxper Nuss WordPress theme that allows attackers to access functionality not properly ...

The Ultimate WP Mail WordPress plugin versions 1.0.17 to 1.3.6 contain a privilege escalation vulnerability where authenticated users with Contributor...

The Booking X WordPress plugin versions 1.0 to 1.1.2 contain an authorization bypass vulnerability in the export_now() function that lacks proper capa...

The WP Travel Engine plugin for WordPress has an unauthenticated data deletion vulnerability. Attackers can delete arbitrary posts without authenticat...

A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System allows remote attackers to modify system settings without pro...

This CVE describes a Missing Authorization vulnerability in the MapSVG WordPress plugin that allows attackers to access functionality not properly res...

CVE-2025-39451 is a missing authorization vulnerability in Crocoblock's JetBlocks For Elementor WordPress plugin that allows attackers to access funct...

This CVE describes a missing authorization vulnerability in the Crocoblock JetElements For Elementor WordPress plugin. It allows attackers to access f...

This vulnerability in the WP ERP WordPress plugin allows employees to access terminated employees' data by manipulating parameters. It affects WordPre...

This vulnerability allows unauthenticated remote attackers to trigger a shutdown button via HTTPS connections, causing denial of service. Any system r...

A missing authorization vulnerability in synocopy allows remote attackers to read arbitrary files on Synology DiskStation Manager systems. This affect...

This CVE describes a Missing Authorization vulnerability in the JetMenu WordPress plugin that allows attackers to access functionality not properly re...

This CVE describes a broken access control vulnerability in the Unlimited Timeline WordPress plugin that allows unauthorized users to access functiona...

This vulnerability in Oracle E-Business Suite's CRM User Management Framework allows unauthenticated attackers to remotely access sensitive data via H...

A missing authorization vulnerability in the Barcode Generator for WooCommerce WordPress plugin allows attackers to delete arbitrary content without p...

This CVE describes a missing authorization vulnerability in the JetTricks WordPress plugin that allows attackers to access functionality not properly ...

This CVE describes a missing authorization vulnerability in the JetBlog WordPress plugin that allows attackers to access functionality not properly re...

A missing authorization vulnerability in Apptivo Business Site CRM WordPress plugin allows attackers to delete arbitrary content without proper authen...

This CVE describes a missing authorization vulnerability in JoomSky JS Help Desk WordPress plugin that allows attackers to bypass access controls and ...

This CVE describes a Missing Authorization vulnerability in the WordPress Greek Multi Tool plugin that allows attackers to bypass access controls. It ...

This vulnerability allows attackers to bypass authorization controls in the Ads by WPQuads WordPress plugin, potentially accessing administrative func...

This vulnerability in lunary-ai/lunary allows any user to export the entire database to Google BigQuery without proper authentication or authorization...

This vulnerability in IROAD V9 dashcams allows unauthorized users to modify device settings, disable critical functions, and turn off battery protecti...

The Trash Duplicate and 301 Redirect WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to delete any posts or ...

This CVE describes a missing authorization vulnerability in the Atarim WordPress plugin that allows attackers to delete arbitrary content without prop...

This vulnerability allows unauthenticated attackers to download the entire WordPress database through the Safe Ai Malware Protection plugin. Any WordP...

This CVE describes a missing authorization vulnerability in the My Tickets WordPress plugin that allows attackers to access functionality not properly...

This CVE describes a Missing Authorization vulnerability in the Standard Box Sizes plugin for WooCommerce that allows unauthorized users to perform ac...

CVE-2024-57757 is an authentication bypass vulnerability in JeeWMS that allows attackers to bypass permission checks in the AuthInterceptor component....

This vulnerability allows unauthenticated attackers to manipulate gift card balances in WooCommerce stores using the Ultimate Gift Cards plugin. Attac...

This CVE describes a missing authorization vulnerability in the Lenderd 1003 Mortgage Application WordPress plugin that allows attackers to access fun...

A missing authorization vulnerability in the EazyDocs WordPress plugin allows attackers to bypass access controls and potentially modify or access res...

This vulnerability allows attackers to bypass authorization controls in the Ultimate Addons for Contact Form 7 WordPress plugin, potentially accessing...

This CVE describes a missing authorization vulnerability in the WP Travel WordPress plugin that allows attackers to exploit incorrectly configured acc...

This CVE describes a Missing Authorization vulnerability in the Spreadr Woocommerce WordPress plugin that allows attackers to access functionality not...