CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (3,029)
This vulnerability allows unauthenticated attackers to modify all settings of the Fluent Forms WordPress plugin via a REST API endpoint lacking proper... (May 18, 2024)
This CVE describes a Missing Authorization vulnerability in the Sharkdropship WordPress plugin that allows unauthorized users to delete arbitrary cont... (May 14, 2024)
This CVE describes a Missing Authorization vulnerability in the Leaky Paywall WordPress plugin that allows unauthenticated users to manipulate subscri... (Apr 29, 2024)
This CVE describes a Missing Authorization vulnerability in the ProFaceOff SSU WordPress plugin (also known as WP S3 Smart Upload). It allows unauthor... (Apr 29, 2024)
This CVE describes a Missing Authorization vulnerability in the Simple File List WordPress plugin that allows unauthorized file deletion. Attackers ca... (Apr 17, 2024)
This CVE describes a Missing Authorization vulnerability in the Sonaar Music MP3 Audio Player WordPress plugin that allows unauthenticated attackers t... (Apr 10, 2024)
This CVE describes a Missing Authorization vulnerability in the WPExperts Wholesale For WooCommerce WordPress plugin. It allows unauthenticated attack... (Apr 10, 2024)
This CVE describes a Missing Authorization vulnerability in the WordPress plugin '5 Stars Rating Funnel' by Saleswonder.Biz. It allows unauthenticated... (Apr 10, 2024)
This vulnerability in the WP Compress – Image Optimizer WordPress plugin allows unauthenticated attackers to reset the CDN region and set malicious ... (Apr 9, 2024)
This vulnerability in certain Lenovo printers allows unauthenticated attackers to retrieve the administrator password. Affected organizations using vu... (Apr 5, 2024)
This vulnerability allows unauthenticated attackers to list directories and access sensitive files in Best Student Result Management System v1.0. Anyo... (Mar 21, 2024)
nGrinder versions before 3.5.9 have an access control vulnerability that allows attackers to create or modify webhook configurations without proper au... (Mar 7, 2024)
The EazyDocs WordPress plugin before version 2.3.6 lacks proper authorization and CSRF protection, allowing unauthenticated attackers to delete arbitr... (Jan 15, 2024)
The Debug Log Manager WordPress plugin before version 2.3.0 contains an unauthenticated directory listing vulnerability that allows attackers to downl... (Jan 8, 2024)
Hertzbeat versions before 1.4.1 have Spring Boot permission misconfigurations that allow unauthenticated access to three interfaces. This vulnerabilit... (Dec 22, 2023)
This vulnerability in the SmartCrawl WordPress plugin allows unauthorized users to access password-protected posts' content. It affects WordPress site... (Dec 18, 2023)
CVE-2023-39167 allows unauthenticated remote attackers to access log files containing sensitive data from SENEC Storage Box devices. This affects SENE... (Dec 7, 2023)
This vulnerability allows attackers to bypass Node.js's experimental policy mechanism by using __proto__ to require modules outside the policy.json de... (Nov 23, 2023)
This vulnerability allows unauthenticated guests to download customer personal information from PrestaShop stores using the vulnerable Facebook conver... (Nov 2, 2023)
The Soisy Pagamento Rateale WordPress plugin up to version 6.0.1 has an authorization bypass vulnerability that allows unauthenticated attackers to ac... (Oct 21, 2023)
CVE-2023-39966 is an arbitrary file write vulnerability in 1Panel server management panel that allows attackers to write arbitrary files to the server... (Aug 10, 2023)
This vulnerability allows unauthenticated attackers to download personal information in JSON format from PrestaShop stores using the vulnerable lgdeta... (Jul 6, 2023)
This CVE describes a missing authorization vulnerability in fossbilling/fossbilling prior to version 0.5.0. It allows attackers to access functionalit... (Jun 14, 2023)
The uListing WordPress plugin up to version 1.6.6 has an authorization bypass vulnerability in its REST API endpoint. Unauthenticated attackers can ex... (Jun 7, 2023)
This vulnerability allows unauthenticated attackers to bypass authorization checks and download files from WooCommerce sites using the Product Input F... (Jun 7, 2023)
CVE-2023-33252 is a cryptographic vulnerability in iden3 snarkjs that allows double spending in zero-knowledge proof systems due to insufficient valid... (May 21, 2023)
This vulnerability allows malicious shortcuts in Apple's Shortcuts app to access sensitive user data without proper permission prompts. It affects use... (May 8, 2023)
The HUAWEI Messaging app has a vulnerability allowing unauthorized file access, potentially exposing sensitive user data. This affects users of HUAWEI... (Mar 27, 2023)
This vulnerability in Wavlink WL-WN530HG4 routers allows unauthenticated attackers to download configuration files and log files containing admin cred... (Feb 6, 2023)
This vulnerability in QQ application 8.7.1 allows attackers to bypass location permission requirements and access device GPS coordinates without user ... (Jul 26, 2022)
The Metform WordPress plugin has an access control vulnerability that allows unauthenticated attackers to retrieve all third-party API keys and secret... (May 10, 2022)
The Tipsacarrier WordPress plugin before version 1.5.0.5 lacks authorization checks on certain functions, allowing unauthenticated attackers to access... (May 2, 2022)
CVE-2022-27658 is an information disclosure vulnerability in SAP Innovation Management 2.0 that allows attackers to access sensitive information under... (Mar 28, 2022)
This vulnerability in 3scale's APIdocs allows attackers to bypass access controls by using invalid tokens that trigger fallback to session authenticat... (Mar 25, 2022)
The Download Manager WordPress plugin before version 3.2.35 has REST API endpoints without proper authorization checks, allowing unauthenticated attac... (Mar 7, 2022)
The Link Library WordPress plugin before version 7.2.8 has an authorization vulnerability that allows unauthenticated users to delete arbitrary links ... (Feb 1, 2022)
The Protect WP Admin WordPress plugin before version 3.6.2 contains an authorization bypass vulnerability in the lib/pwa-deactivate.php file. Unauthen... (Jan 24, 2022)
CVE-2021-38789 is an incorrect access control vulnerability in Allwinner R818 SoC Android Q SDK V1.0 where the aw_display service fails to verify call... (Jan 19, 2022)
This vulnerability in the WP Import Export WordPress plugin allows unauthenticated attackers to download any imported or exported data from vulnerable... (Jan 18, 2022)
The Tab WordPress plugin before version 1.3.2 exposes all AJAX actions to unauthenticated users, allowing attackers to add, edit, or delete arbitrary ... (Jan 3, 2022)
The WP Attachment Export WordPress plugin before version 0.2.4 lacks proper access controls, allowing unauthenticated users to download XML data conta... (Nov 1, 2021)
CVE-2021-37738 is an information disclosure vulnerability in Aruba ClearPass Policy Manager that allows remote attackers to access sensitive informati... (Oct 15, 2021)
CVE-2020-18757 is a vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100 that allows attackers to cause persistent denial of service vi... (Aug 13, 2021)
CVE-2018-10865 is an authorization bypass vulnerability in Red Hat Certification 7 that allows unauthenticated users to trigger restart operations on ... (May 26, 2021)
This vulnerability allows remote attackers to redirect users to arbitrary websites through the Gurunavi mobile app. Attackers can trick users into vis... (Apr 26, 2021)
This vulnerability allows unauthorized users to modify configuration settings on affected Xerox multifunction printers without administrative privileg... (Mar 29, 2021)
This vulnerability in Zammad allows attackers to modify Ticket Article data through a REST API call, bypassing auditing mechanisms. This affects all Z... (Dec 28, 2020)
The Jenkins Chaos Monkey Plugin vulnerability allows attackers with Overall/Read permission to exploit HTTP endpoints without proper authorization che... (Dec 3, 2020)
The WP Extended WordPress plugin has a missing capability check vulnerability that allows authenticated attackers with subscriber-level access or high... (Jan 8, 2025)
The Popup Builder WordPress plugin has a missing capability check on all AJAX actions, allowing authenticated attackers with subscriber-level access o... (Jun 15, 2024)
About Missing Authorization (CWE-862)
Our database tracks 3,029 CVEs classified as CWE-862, with 224 rated critical and 839 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.
External reference: View CWE-862 on MITRE CWE →