CWE-862: Missing Authorization

This vulnerability allows attackers to bypass authorization controls in the Redirection for Contact Form 7 WordPress plugin, potentially modifying red...

This CVE describes a missing authorization vulnerability in the Total-Soft Portfolio Gallery WordPress plugin that allows attackers to bypass access c...

This CVE describes a Missing Authorization vulnerability in the Easing Slider WordPress plugin that allows unauthorized users to reset plugin settings...

CVE-2023-32520 is a missing authorization vulnerability in the Webcodin WCP Contact Form WordPress plugin that allows attackers to bypass access contr...

This CVE describes a Missing Authorization vulnerability in the Video Gallery – YouTube Gallery WordPress plugin that allows attackers to bypass acc...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to update arbitrary user metadata due to a missing capa...

This CVE describes a Missing Authorization vulnerability in the RegistrationMagic WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a Missing Authorization vulnerability in the Quick Paypal Payments WordPress plugin that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in Shopfiles Ltd's Ebook Store WordPress plugin that allows attackers to bypass access contro...

This vulnerability in WeGIA 3.2.0 allows unauthorized users to change passwords without proper permission checks. It affects all installations of WeGI...

The TI WooCommerce Wishlist plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to create pages, modi...

This vulnerability allows attackers to bypass access controls in Handcent NextSMS's content provider, potentially exposing sensitive messaging data. I...

This CVE describes a missing authorization vulnerability in the WpTravelly WordPress plugin that allows attackers to access functionality not properly...

This CVE describes a missing authorization vulnerability in the Masteriyo LMS WordPress plugin that allows attackers to access functionality not prope...

The Forminator WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level access or higher to c...

This vulnerability in the Minecraft mod 'Command Block IDE' allows any user to modify function files on dedicated servers due to missing authorization...

The Download Monitor WordPress plugin up to version 4.7.51 has an authorization bypass vulnerability in REST-API reporting routes. Unauthenticated att...

This vulnerability in Oracle Service Bus allows unauthenticated attackers with network access via HTTP to access sensitive data. It affects Oracle Fus...

This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. I...

The D-Link DIR-823G router version 1.0.2B05_20181207 allows unauthorized users to download configuration files containing plaintext passwords. This vu...

This CVE describes a Missing Authorization vulnerability in the WP Swings Wallet System for WooCommerce WordPress plugin. It allows attackers to acces...

This vulnerability allows unauthenticated attackers to access sensitive data and functionality in WooCommerce OpenPos due to missing authorization che...

This CVE-2024-6760 vulnerability allows unprivileged users to trace setuid programs due to a kernel tracing logic bug, enabling them to inspect progra...

This vulnerability in the File Manager Pro – Filester WordPress plugin allows authenticated attackers with administrator-granted permissions to modi...

CVE-2024-6805 is an authorization bypass vulnerability in NI VeriStand Gateway that allows unauthorized actors to access File Transfer resources. This...

CVE-2023-48759 is a missing authorization vulnerability in the JetElements for Elementor WordPress plugin that allows unauthenticated attackers to dow...

This CVE describes a missing authorization vulnerability in the Consensu.IO WordPress plugin that allows unauthorized users to perform actions intende...

This CVE describes a Missing Authorization vulnerability in the Advanced Local Pickup for WooCommerce WordPress plugin. It allows attackers to bypass ...

CVE-2024-32798 is a missing authorization vulnerability in WP Travel Engine WordPress plugin that allows attackers to manipulate booking prices withou...

This CVE describes a Missing Authorization (Broken Access Control) vulnerability in the BizPrint WordPress plugin. It allows unauthorized users to acc...

This CVE describes a Missing Authorization vulnerability in the XStore WordPress theme that allows unauthenticated attackers to perform unauthorized a...

CVE-2024-33543 is a missing authorization vulnerability in the WP Time Slots Booking Form WordPress plugin that allows attackers to bypass access cont...

CVE-2024-31243 is a missing authorization vulnerability in the Bricksforge WordPress plugin that allows unauthenticated attackers to delete arbitrary ...

This CVE describes an incorrect authorization vulnerability in lunary-ai/lunary that allows unauthenticated users to delete any dataset without proper...

This CVE-2024-4520 vulnerability allows any user on the gaizhenbiao/chuanhuchatgpt server to access other users' chat histories without authorization....

This CVE describes a Missing Authorization vulnerability in the Netgsm WordPress plugin that allows unauthorized users to perform privileged actions. ...

This vulnerability in MIT IdentiBot allows unauthorized Discord servers to execute commands that reveal personal information of verified MIT affiliate...

This vulnerability allows any user, including those without authentication, to delete datasets in lunary-ai/lunary by sending a DELETE request to the ...

This vulnerability allows unauthenticated attackers to modify all settings of the Fluent Forms WordPress plugin via a REST API endpoint lacking proper...

This CVE describes a Missing Authorization vulnerability in the Sharkdropship WordPress plugin that allows unauthorized users to delete arbitrary cont...

This CVE describes a Missing Authorization vulnerability in the Leaky Paywall WordPress plugin that allows unauthenticated users to manipulate subscri...

This CVE describes a Missing Authorization vulnerability in the ProFaceOff SSU WordPress plugin (also known as WP S3 Smart Upload). It allows unauthor...

This CVE describes a Missing Authorization vulnerability in the Simple File List WordPress plugin that allows unauthorized file deletion. Attackers ca...

This CVE describes a Missing Authorization vulnerability in the Sonaar Music MP3 Audio Player WordPress plugin that allows unauthenticated attackers t...

This CVE describes a Missing Authorization vulnerability in the WPExperts Wholesale For WooCommerce WordPress plugin. It allows unauthenticated attack...

This CVE describes a Missing Authorization vulnerability in the WordPress plugin '5 Stars Rating Funnel' by Saleswonder.Biz. It allows unauthenticated...

This vulnerability in the WP Compress – Image Optimizer WordPress plugin allows unauthenticated attackers to reset the CDN region and set malicious ...

This vulnerability in certain Lenovo printers allows unauthenticated attackers to retrieve the administrator password. Affected organizations using vu...

This vulnerability allows unauthenticated attackers to list directories and access sensitive files in Best Student Result Management System v1.0. Anyo...

nGrinder versions before 3.5.9 have an access control vulnerability that allows attackers to create or modify webhook configurations without proper au...