CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in Slider Revolution WordPress plugin that allows unauthenticated attackers to perform unauth...

This CVE describes a missing authorization vulnerability in the WordPress Convert Pro plugin that allows unauthorized users to access administrative f...

This CVE describes a Missing Authorization vulnerability in MultiVendorX WC Marketplace WordPress plugin. It allows unauthorized users to perform acti...

This CVE describes a Missing Authorization vulnerability in the ARForms WordPress plugin that allows authenticated subscribers to arbitrarily activate...

This CVE describes a missing authorization vulnerability in the Academy LMS WordPress plugin that allows unauthorized access to paid courses. Attacker...

This vulnerability allows unauthorized access to sensitive information and potential manipulation due to missing authorization checks in Acronis Cyber...

This CVE describes a Missing Authorization vulnerability in the WordPress Prime Slider plugin for Elementor. It allows attackers to perform unauthoriz...

The WP-Stateless plugin for WordPress has a missing capability check that allows authenticated users with subscriber-level access or higher to update ...

The Woostify Sites Library WordPress plugin before version 1.4.8 lacks proper authorization checks in an AJAX endpoint, allowing any authenticated use...

This vulnerability allows unauthorized users to access and manipulate sensitive information in Acronis Cyber Protect Cloud Agent for Windows due to mi...

This vulnerability allows unauthorized access to sensitive information and potential manipulation due to missing authorization checks in Acronis Cyber...

This vulnerability allows unauthorized access to sensitive information and potential manipulation due to missing authorization checks in Acronis Cyber...

This vulnerability allows unauthorized users to access and manipulate sensitive information in Acronis Cyber Protect products due to missing authoriza...

CVE-2023-2268 is an information disclosure vulnerability in Plane version 0.7.1 that allows unauthenticated attackers to access all user files stored ...

This vulnerability in Jenkins Orka by MacStadium Plugin allows attackers with Overall/Read permission to connect to attacker-controlled URLs using sto...

The Kali Forms WordPress plugin up to version 2.1.1 contains an authenticated options change vulnerability due to missing authentication checks in the...

CloudExplorer Lite prior to version 1.1.0 has a missing authorization vulnerability that allows authenticated users to add themselves to any organizat...

CloudExplorer Lite has a missing permission check vulnerability that allows users to add themselves to any organization without authorization. This af...

This vulnerability allows users without view permissions to access Office attachment content via the view file macro in XWiki Remote Macros. It affect...

OpenProject versions before 17.0.2 contain a missing authorization vulnerability where users with 'Manage Users' permission can lock application admin...

This vulnerability in IBM DS8000 storage systems allows local users with authorized CCW update permissions to delete or corrupt backups due to missing...

This Android vulnerability allows background applications to retain foreground permissions indefinitely due to a permissions bypass in the RemotePrint...

The Gutena Forms WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level access or higher to modify...

This vulnerability in wpForo Forum allows authenticated users to reassign all forum user groups to arbitrary WordPress roles, enabling privilege escal...

OpenEMR versions before 8.0.0 contain an access control vulnerability that allows low-privileged users (like receptionists) to export the entire messa...

The weMail WordPress plugin up to version 2.0.7 allows unauthenticated attackers to permanently delete all email marketing forms. This occurs because ...

This CVE describes a missing authorization vulnerability in the Print Invoice & Delivery Notes for WooCommerce plugin that allows attackers to bypass ...

This CVE describes a Missing Authorization vulnerability in the WP FullCalendar WordPress plugin that allows attackers to exploit incorrectly configur...

This CVE describes a Missing Authorization vulnerability in the Cartify WordPress theme that allows unauthorized users to delete arbitrary content. Th...

This CVE describes a missing authorization vulnerability in the Sendy WordPress plugin that allows attackers to bypass access controls. It affects Sen...

This CVE describes a missing authorization vulnerability in the ELEX WordPress HelpDesk & Customer Ticketing System plugin that allows attackers to by...

This CVE describes a Missing Authorization vulnerability in the Advanced WC Analytics WordPress plugin that allows unauthorized users to change plugin...

This CVE describes a missing authorization vulnerability in the Travelpayouts WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a Missing Authorization vulnerability in the ConveyThis WordPress translation plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Addonify Compare Products for WooCommerce WordPress plugin. It allows attackers to cha...

This CVE describes a Missing Authorization vulnerability in the Addonify Floating Cart for WooCommerce WordPress plugin. It allows attackers to exploi...

This CVE describes a missing authorization vulnerability in the GA4WP: Google Analytics for WordPress plugin that allows attackers to exploit incorrec...

This CVE describes a Missing Authorization vulnerability in the knitpay UPI QR Code Payment Gateway for WooCommerce plugin. It allows attackers to byp...

This CVE describes a missing authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the aDirectory WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a missing authorization vulnerability in the Konte WordPress theme that allows attackers to bypass access controls. It affects all ...

This CVE describes a Missing Authorization vulnerability in the Academy LMS WordPress plugin that allows attackers to bypass access controls. Users ru...

This CVE describes a Missing Authorization vulnerability in the Calculated Fields Form WordPress plugin that allows attackers to bypass access control...

A Missing Authorization vulnerability in GitHub Enterprise Server allows authenticated attackers to upload unauthorized content to other users' reposi...

This CVE describes a Missing Authorization vulnerability in the Smartypants SP Project & Document Manager WordPress plugin that allows attackers to by...

CVE-2026-25768 is an authorization bypass vulnerability in LavinMQ message queue server where authenticated users can access broker metadata they shou...

The Twitter posts to Blog WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to modify plugin setting...

This CVE describes a missing authorization vulnerability in PlaciPy placement management system. Authenticated users can access, modify, or delete any...

This vulnerability in Gogs allows authenticated users to cause a denial-of-service (DoS) attack by deleting repository files before synchronization, w...

This vulnerability allows attackers with read-only access tokens to modify repository contents in Gogs self-hosted Git service. It affects all Gogs in...