CWE-862: Missing Authorization

The WebPurify Profanity Filter WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify plugin setti...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to manipulate loyalty program rules in the MyRewards pl...

This CVE describes a missing authorization vulnerability in the WP Chill Passster WordPress plugin that allows attackers to bypass content protection ...

This CVE describes a Missing Authorization vulnerability in the Brecht Visual Link Preview WordPress plugin that allows attackers to exploit incorrect...

This CVE describes a missing authorization vulnerability in the Strong Testimonials WordPress plugin that allows attackers to bypass access controls. ...

This vulnerability allows moderators in Discourse to improperly convert private personal messages into public topics, violating user privacy expectati...

This vulnerability in phpMyFAQ allows any authenticated user, regardless of permissions, to trigger configuration backups and retrieve the backup file...

CVE-2026-24139 is an authorization bypass vulnerability in MyTube that allows guest or low-privileged users to download the complete application datab...

The All-in-One Video Gallery WordPress plugin has missing capability checks on AJAX functions, allowing unauthenticated attackers to create and delete...

This CVE describes a missing authorization vulnerability in the Hyyan WooCommerce Polylang Integration plugin for WordPress. It allows attackers to ex...

This CVE describes a missing authorization vulnerability in iNET Webkit WordPress plugin that allows attackers to bypass access controls. It affects a...

This CVE describes a Missing Authorization vulnerability in the NSquared Simply Schedule Appointments WordPress plugin that allows attackers to bypass...

This CVE describes a Missing Authorization vulnerability in the designthemes Reservation Plugin (dt-reservation-plugin) for WordPress that allows unau...

This CVE describes a missing authorization vulnerability in the Solace WordPress theme that allows attackers to bypass access controls. It affects all...

This CVE describes a Missing Authorization vulnerability in the WordPress plugin WDV One Page Docs, allowing attackers to bypass access controls and p...

This CVE describes a Missing Authorization vulnerability in the Depicter Slider WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a missing authorization vulnerability in the Ninja Team GDPR CCPA Compliance Support WordPress plugin that allows attackers to bypa...

This CVE describes a missing authorization vulnerability in the Icegram WordPress plugin that allows attackers to bypass access controls. Attackers ca...

This CVE describes a missing authorization vulnerability in the WP BackItUp WordPress plugin that allows attackers to bypass access controls and perfo...

This CVE describes a Missing Authorization vulnerability in the Easy Property Listings WordPress plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the SEO Booster WordPress plugin that allows attackers to exploit incorrectly configured a...

This CVE describes a missing authorization vulnerability in the WANotifier WordPress plugin that allows attackers to exploit incorrectly configured ac...

This CVE describes a missing authorization vulnerability in the WordPress Slider Templates plugin that allows attackers to access functionality not pr...

This CVE describes a Missing Authorization vulnerability in the Payment Gateway Authorize.Net CIM for WooCommerce plugin that allows unauthorized user...

This CVE describes a Missing Authorization vulnerability in the Onepay Sri Lanka payment gateway plugin for WooCommerce. It allows attackers to exploi...

This CVE describes a Missing Authorization vulnerability in the Shown Connector WordPress plugin that allows attackers to change plugin settings witho...

This CVE describes a Missing Authorization vulnerability in Event Espresso 4 Decaf WordPress plugin that allows unauthorized users to change plugin se...

This CVE describes a Missing Authorization vulnerability in TaxCloud for WooCommerce (simple-sales-tax plugin) that allows attackers to exploit incorr...

This CVE describes a missing authorization vulnerability in the Peach Payments Gateway WordPress plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in Tickera's WordPress event ticketing plugin that allows attackers to bypass access controls...

The Wallet System for WooCommerce WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or ...

The MailerLite - WooCommerce integration plugin for WordPress has a missing capability check vulnerability that allows authenticated attackers with Su...

This vulnerability allows unauthenticated attackers to demote WordPress administrators to low-privilege roles in the Awesome Support plugin. Attackers...

The WP Page Permalink Extension plugin for WordPress has a missing authorization vulnerability that allows authenticated users with Subscriber-level a...

This vulnerability allows authenticated users in GitLab EE to modify instance-wide AI feature provider settings due to missing authorization checks in...

This CVE describes a Missing Authorization vulnerability in the Munir Kamal Block Slider WordPress plugin that allows attackers to bypass access contr...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to enumerate order IDs and access sensitive personal in...

This CVE describes a missing authorization vulnerability in The Plus Addons for Elementor Pro WordPress plugin that allows attackers to bypass access ...

This vulnerability allows unauthenticated attackers to replay form workflow executions in the Bit Form WordPress plugin. Attackers can trigger all con...

This CVE describes a Missing Authorization vulnerability in the Responsive Addons for Elementor WordPress plugin that allows attackers to bypass acces...

This vulnerability in QOCA aim AI Medical Cloud Platform allows authenticated attackers to modify network packet parameters, enabling unauthorized acc...

This authentication bypass vulnerability in Petlibro Smart Pet Feeder Platform allows unauthenticated attackers to access any user account by exploiti...

This CVE describes a missing authorization vulnerability in the BizPrint WordPress plugin that allows attackers to bypass access controls. The vulnera...

CVE-2025-68498 is a missing authorization vulnerability in the Crocoblock JetTabs WordPress plugin that allows attackers to bypass access controls and...

This CVE describes a Missing Authorization vulnerability in the Crocoblock JetBlog WordPress plugin that allows attackers to bypass access controls. A...

This CVE describes a Missing Authorization vulnerability in the WordPress Post Grid and Gutenberg Blocks plugin that allows attackers to bypass access...

This CVE describes a Missing Authorization vulnerability in the WordPress plugin 'Offload, AI & Optimize with Cloudflare Images' (cf-images). It allow...

This CVE describes a missing authorization vulnerability in the InstaWP Connect WordPress plugin that allows attackers to bypass access controls. Atta...

This CVE describes a missing authorization vulnerability in the RestroPress WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a Missing Authorization vulnerability in the WP Social Ninja WordPress plugin that allows attackers to exploit incorrectly configur...