CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the WordPress Admin Management Xtended plugin that allows attackers to bypass access contr...

This vulnerability in the Find And Replace content WordPress plugin allows unauthenticated attackers to inject malicious scripts into website pages an...

CVE-2025-4477 is a privilege escalation vulnerability in TeamT5's ThreatSonar Anti-Ransomware software. Remote attackers with intermediate privileges ...

This CVE describes a Missing Authorization vulnerability in the Revenueflex Auto Ad Inserter WordPress plugin that allows unauthorized users to change...

This vulnerability allows unauthenticated attackers to modify Google Sheets integration credentials in Quiz Maker WordPress plugins, potentially leadi...

The ShopWP WordPress plugin has an authorization bypass vulnerability in REST API endpoints that allows unauthenticated attackers to modify plugin set...

The Frontend File Manager WordPress plugin up to version 18.2 allows unauthenticated attackers to send emails with custom HTML content using the site'...

ZoneMinder versions before 1.36.33 and 1.37.33 have an unauthenticated remote code execution vulnerability. Attackers can execute arbitrary commands o...

This vulnerability allows staff-level users in Vehicle Service Management System 1.0 to access admin resources and perform CRUD operations they should...

This vulnerability allows remote attackers to execute arbitrary code on S-CMS PHP v3.0 systems by modifying PHP files through the /1.com.php endpoint....

CVE-2021-33676 is a missing authority check vulnerability in SAP CRM that allows authenticated attackers with high privileges to bypass authorization ...

A local privilege escalation vulnerability in udisks allows unprivileged users to trigger the root-owned daemon to overwrite LUKS encryption headers. ...

This CVE describes a missing authorization vulnerability in the WooCommerce Bulk Product Editor plugin that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in CMSMasters Content Composer WordPress plugin that allows attackers to bypass access contro...

This CVE describes an authorization bypass vulnerability in Discourse discussion platform where subscription endpoints lack proper ownership verificat...

This vulnerability allows authenticated GitLab users to access and use AI model settings from namespaces they shouldn't have access to by manipulating...

This CVE describes a missing authorization vulnerability in the Plugin Optimizer WordPress plugin that allows attackers to bypass access controls. Att...

This CVE describes a Missing Authorization vulnerability in the bPlugins Parallax Section WordPress block plugin that allows attackers to access funct...

This CVE describes a Missing Authorization vulnerability in the WPXPO PostX (ultimate-post) WordPress plugin that allows attackers to bypass access co...

This CVE describes a missing authorization vulnerability in the WordPress Info Cards plugin that allows attackers to access functionality not properly...

This CVE describes a Missing Authorization vulnerability in the UkrSolution Barcode Scanner with Inventory & Order Manager WordPress plugin. It allows...

This CVE describes a missing authorization vulnerability in the bPlugins Tiktok Feed WordPress plugin that allows attackers to access functionality no...

This CVE describes a Missing Authorization vulnerability in the WordPress Project Cost Calculator plugin that allows attackers to bypass access contro...

This CVE describes a missing authorization vulnerability in the PW WooCommerce On Sale! WordPress plugin that allows attackers to bypass access contro...

This CVE describes a Missing Authorization vulnerability in the Icegram Collect WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a missing authorization vulnerability in the Stock Locations for WooCommerce WordPress plugin. It allows attackers to bypass access...

The Hive Support WordPress plugin has missing capability checks that allow authenticated users with Subscriber-level access or higher to read and over...

This CVE describes a Missing Authorization vulnerability in the BERTHA AI WordPress plugin that allows attackers to delete arbitrary content without p...

This CVE describes a Missing Authorization vulnerability in the Doppler Forms WordPress plugin that allows attackers to bypass access controls. It aff...

This vulnerability allows low-privilege users to modify checklists in lunary-ai/lunary version 1.4.28 by exploiting missing access controls on the /ch...

CVE-2024-2292 is an access control vulnerability that allows unauthorized users to view and modify other users' information due to missing authorizati...

This CVE describes a Missing Authorization vulnerability in the Squirrly SEO WordPress plugin that allows unauthorized users to perform actions that s...

This vulnerability allows unauthorized users to modify WordPress menu settings due to missing access control checks in the Bulk Menu Edit plugin. Word...

This vulnerability allows authenticated low-privileged attackers to remove users from groups in Q-Free MaxTime systems via crafted HTTP requests. It a...

This vulnerability allows authenticated low-privileged attackers to remove privileges from user groups in Q-Free MaxTime traffic management systems. A...

This CVE describes a Missing Authorization vulnerability in the Cab fare calculator WordPress plugin that allows attackers to perform Stored Cross-Sit...

This CVE describes a missing authorization vulnerability in Crocoblock's JetEngine WordPress plugin that allows attackers to bypass access controls. A...

This CVE describes a Missing Authorization vulnerability in the WordPress My Shortcodes plugin that allows attackers to exploit incorrectly configured...

This CVE describes a Missing Authorization vulnerability in the Seerox Easy Blocks Pro WordPress plugin that allows attackers to access functionality ...

The RapidLoad WordPress plugin has missing capability checks on multiple AJAX functions, allowing authenticated users with Subscriber-level access or ...

This CVE describes a missing authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to bypass access controls a...

This CVE describes a Missing Authorization vulnerability in the Meta Box WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a Missing Authorization vulnerability in the EazyDocs WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a path deletion vulnerability in macOS that allows applications to bypass Privacy preferences. It affects macOS Ventura and Sonoma ...

The Paytium WordPress plugin versions up to 4.3.7 lack proper capability checks, allowing authenticated users with subscriber-level permissions to cre...

The Paytium WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level permissions to create Mollie pay...

The Tutor LMS Pro WordPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or higher...

The Brizy Page Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with contributor-level access or hig...

This CVE describes a Missing Authorization vulnerability in Slider Revolution WordPress plugin that allows unauthenticated attackers to perform unauth...

This CVE describes a missing authorization vulnerability in the WordPress Convert Pro plugin that allows unauthorized users to access administrative f...