CWE-862: Missing Authorization

The B Blocks WordPress plugin has a critical privilege escalation vulnerability that allows unauthenticated attackers to create new administrator acco...

CVE-2025-46811 is a critical Missing Authorization vulnerability in SUSE Linux Manager that allows any user who can connect to port 443 of SUSE Manage...

The Platform theme for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to modify WordPress site options. Th...

This vulnerability allows unauthenticated attackers to generate login tokens for arbitrary WordPress users in the WebinarIgnition plugin, leading to a...

This vulnerability in the ONLYOFFICE Docs WordPress plugin allows unauthenticated attackers to escalate privileges by exploiting a missing authorizati...

The bSecure WordPress plugin versions 1.3.7 through 1.7.9 have an authentication bypass vulnerability in their order_info REST endpoint. Unauthenticat...

The PT Project Notebooks WordPress plugin versions 1.0.0 through 1.1.3 contain a privilege escalation vulnerability in the wpnb_pto_new_users_add() fu...

CVE-2025-32281 is a missing authorization vulnerability in the WPKit For Elementor WordPress plugin that allows attackers to update arbitrary WordPres...

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.1 have a critical missing authorization vulnerability in NFS export. Unauthenticated remote atta...

This vulnerability allows unauthenticated attackers to install arbitrary WordPress plugins on sites running the vulnerable FunnelKit plugin. Attackers...

This vulnerability allows unauthenticated attackers to create new administrator accounts on WordPress sites using the REST API | Custom API Generator ...

The WP Email Debug plugin for WordPress has a privilege escalation vulnerability that allows unauthenticated attackers to redirect all email traffic t...

The HyperComments WordPress plugin has a critical vulnerability that allows unauthenticated attackers to modify WordPress site options. This can be ex...

A missing authorization vulnerability in Znuny's Generic Interface allows attackers to modify ticket metadata without proper permission checks. This a...

Digigram's PYKO-OUT audio-over-IP web-server has no default password requirement, allowing unauthenticated attackers to connect and compromise the dev...

This vulnerability allows any user with access to XWiki pages to switch authentication methods, potentially disrupting authentication systems. It affe...

This vulnerability in Seclore v3.27.5.0 allows attackers to bypass authentication through brute force attacks on the login page. Attackers can gain un...

This vulnerability allows macOS shortcuts to execute with administrative privileges without proper authentication. It affects macOS Ventura, Sequoia, ...

This vulnerability allows malicious applications to delete files they shouldn't have permission to access by exploiting improper symlink handling. It ...

This CVE describes a macOS sandbox bypass vulnerability where malicious applications can access protected user data from system pasteboards. It affect...

This CVE describes a macOS sandbox bypass vulnerability that allows malicious applications to check for the existence of arbitrary file system paths. ...

This vulnerability allows malicious applications to access Safari bookmarks without proper authorization checks. It affects macOS systems running vuln...

This vulnerability allows malicious applications to bypass verification code rate limiting and access saved passwords in macOS. It affects macOS users...

A permissions vulnerability in macOS allows applications to bypass security restrictions and access protected user data. This affects macOS Ventura, S...

This vulnerability allows attackers to bypass authorization checks in Drupal OAuth2 Server through forceful browsing, potentially accessing restricted...

This CVE describes a Missing Authorization vulnerability in Drupal's Authenticator Login module that allows attackers to bypass authentication control...

This vulnerability allows unauthenticated attackers to modify WordPress site options via the Checkout Mestres do WP for WooCommerce plugin. Attackers ...

The Altair WordPress theme has a critical vulnerability that allows unauthenticated attackers to modify WordPress site options without permission. Thi...

This vulnerability allows unauthenticated attackers to change any WordPress user's password, including administrators, in the Golo City Travel Guide t...

The Newscrunch WordPress theme contains a vulnerability that allows authenticated users with Subscriber-level access or higher to upload arbitrary fil...

This CVE describes a missing authorization vulnerability in the WordPress Residential Address Detection plugin that allows attackers to update arbitra...

The Oliver POS WordPress plugin exposes sensitive clientToken data through logging functionality, allowing unauthenticated attackers to extract creden...

The Media Manager for UserPro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify WordPress si...

This CVE describes a Missing Authorization vulnerability in the Agency Toolkit WordPress plugin that allows attackers to escalate privileges. Any Word...

The WooCommerce Point of Sale plugin for WordPress has a privilege escalation vulnerability that allows unauthenticated attackers to change email addr...

This CVE describes a Missing Authorization vulnerability in the Eyewear prescription form WordPress plugin that allows attackers to update arbitrary o...

CVE-2024-45493 allows attackers to bypass local-only authentication restrictions for internal user accounts on MSA FieldServer Gateway devices. Attack...

This CVE describes a missing authorization vulnerability in the Sweet Date WordPress theme that allows privilege escalation. Attackers can exploit thi...

This CVE describes an unauthenticated broken access control vulnerability in the SoftLab Integrate Google Drive WordPress plugin. Attackers can exploi...

The SV100 Companion WordPress plugin has a critical vulnerability that allows unauthenticated attackers to modify WordPress settings, including changi...

This vulnerability allows unauthenticated attackers to bypass authorization in the CleanTalk WordPress plugin and install arbitrary plugins. Attackers...

NVIDIA Base Command Manager's CMDaemon component lacks proper authentication, allowing attackers to execute arbitrary code, escalate privileges, or di...

This CVE describes a missing authorization vulnerability in Medma Technologies Matix Popup Builder WordPress plugin that allows attackers to update ar...

A missing authorization vulnerability (CWE-862) in Schneider Electric products allows unauthorized access when devices are network-enabled. This could...

The Leopard WordPress Offload Media plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or h...

The Debug Tool plugin for WordPress has a critical vulnerability that allows unauthenticated attackers to create arbitrary files, including PHP files,...

CVE-2024-48073 is a critical privilege escalation vulnerability in sunniwell HT3300 devices where the update program has insecure sudo permissions and...

This vulnerability in the WordPress Signup Page plugin allows attackers to update arbitrary WordPress options without proper authorization, leading to...

This vulnerability in Neye3C v4.5.2.0 firmware update and download processes allows attackers to extract sensitive information by reverse-engineering ...

The SiteGround Optimizer WordPress plugin up to version 5.0.12 contains an authorization bypass vulnerability in its REST API endpoint. This allows un...