CWE-862: Missing Authorization

The WP Extended WordPress plugin has a missing capability check vulnerability that allows authenticated attackers with subscriber-level access or high...

The Popup Builder WordPress plugin has a missing capability check on all AJAX actions, allowing authenticated attackers with subscriber-level access o...

This vulnerability in HashiCorp Nomad allows job submitters to escalate privileges to management-level access using workload identity and task API fea...

This CVE-2022-21953 is a missing authorization vulnerability in SUSE Rancher that allows authenticated users to create unauthorized shell pods and gai...

The New User Approve WordPress plugin has missing capability checks on REST API endpoints, allowing unauthenticated attackers to approve/deny user reg...

This CVE describes a Missing Authorization vulnerability in the WordPress ListingHub plugin that allows attackers to bypass access controls. It affect...

This CVE describes a missing authorization vulnerability in the Real Estate Pro WordPress plugin that allows attackers to bypass access controls. Atta...

This CVE describes a missing authorization vulnerability in the WP Membership WordPress plugin that allows attackers to bypass access controls. Attack...

This CVE describes a Missing Authorization vulnerability in the WordPress Final User plugin that allows attackers to bypass access controls. Attackers...

This CVE describes a missing authorization vulnerability in the WordPress fitness-trainer plugin that allows attackers to bypass access controls. Atta...

This CVE describes a missing authorization vulnerability in the Listihub WordPress theme that allows attackers to bypass access controls. Attackers ca...

This CVE describes a missing authorization vulnerability in the Hotel Listing WordPress plugin that allows attackers to bypass access controls. Attack...

This CVE describes a Missing Authorization vulnerability in the Hospital Doctor Directory WordPress plugin that allows attackers to bypass access cont...

This CVE describes a missing authorization vulnerability in the WordPress Institutions Directory plugin that allows attackers to bypass access control...

This CVE describes a missing authorization vulnerability in the Lawyer Directory WordPress plugin that allows attackers to bypass access controls. It ...

DinukaNavaratna Dee Store 1.0 has a missing authorization vulnerability (CWE-862) that allows remote attackers to access multiple endpoints without pr...

This CVE describes an authorization bypass vulnerability in rymcu forest's UserDicController API endpoints. Attackers can remotely manipulate user dic...

This CVE describes a missing authorization vulnerability in the Billingo Official Integration WordPress plugin that allows authenticated attackers to ...

This CVE describes a Missing Authorization vulnerability in the WPLMS WordPress plugin by VibeThemes, allowing attackers to access functionality not p...

This CVE describes a missing authorization vulnerability in the VonStroheim TheBooking WordPress plugin that allows attackers to access functionality ...

CVE-2025-8435 is a critical missing authorization vulnerability in code-projects Online Movie Streaming 1.0 that allows attackers to bypass authentica...

This critical vulnerability in code-projects Online Movie Streaming 1.0 allows unauthorized access to admin.php functionality by manipulating the ID p...

VMware Cloud Foundation contains a missing authorization vulnerability that allows authenticated users to perform unauthorized actions and access limi...

The Flynax Bridge WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to register new user accounts with a...

CVE-2025-3963 is a critical missing authorization vulnerability in withstars Books-Management-System 1.0 that allows unauthenticated attackers to acce...

CVE-2025-3960 is a critical missing authorization vulnerability in withstars Books-Management-System 1.0 that allows unauthenticated attackers to acce...

This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes through the Logo Slider plugin. Attackers could inject m...

This CVE describes a missing authorization vulnerability in the WordPress BetterLinks plugin that allows attackers to bypass access controls and perfo...

This CVE describes a missing authorization vulnerability in the ReDi Restaurant Reservation WordPress plugin that allows attackers to bypass access co...

This CVE describes a Missing Authorization vulnerability in the Woo Custom Emails WordPress plugin that allows attackers to exploit incorrectly config...

This CVE describes a Missing Authorization vulnerability in the WPWeb Elite WooCommerce PDF Vouchers plugin for WordPress. It allows unauthenticated a...

This CVE describes a Missing Authorization vulnerability in the YMC Filter & Grids WordPress plugin that allows attackers to access functionality not ...

The WP Easy Post Types WordPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or h...

The Timetable and Event Schedule WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to execute AJAX func...

CVE-2023-36515 is a missing authorization vulnerability in the LearnPress WordPress plugin that allows unauthenticated attackers to perform actions th...

The Tutor LMS Pro WordPress plugin up to version 2.7.0 lacks proper capability checks on multiple functions, allowing unauthenticated attackers to add...

The Bulgarisation for WooCommerce WordPress plugin has missing capability checks that allow unauthorized users to generate and delete labels. This aff...

The Oliver POS WordPress plugin has missing capability checks on AJAX functions, allowing authenticated attackers with subscriber-level access or high...

The Hostinger WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to enable or disable maintenance mode ...

The UserPro WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to add, modify, or delete user metadat...

CVE-2023-36815 is a privilege escalation vulnerability in Sealos Cloud Operating System's billing system that allows authenticated users to manipulate...

The WP Activity Log plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to run the plugin's setup wiz...

This vulnerability allows a malicious app on an Android device to enable Bluetooth discovery mode without user permission, potentially exposing the de...

This vulnerability in the BackWPup WordPress plugin allows authenticated attackers with subscriber-level access or higher to modify WordPress site opt...

This vulnerability allows authenticated attackers with Shop Manager or higher WordPress roles to install arbitrary plugins via the CTX Feed plugin. Th...

This vulnerability allows authenticated attackers with Shop Manager or higher privileges in WordPress to modify arbitrary site options due to missing ...

This vulnerability in the Eventin WordPress plugin allows unauthenticated attackers to modify plugin settings and inject malicious scripts. Attackers ...

This CVE describes a missing authorization vulnerability in the Bowo Admin and Site Enhancements (ASE) WordPress plugin that allows attackers to bypas...

The Multiple Roles per User WordPress plugin has an authorization vulnerability that allows authenticated users with 'edit_users' capability to modify...

This CVE describes a missing authorization vulnerability in the WordPress Admin Management Xtended plugin that allows attackers to bypass access contr...