CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the ListingPro WordPress theme that allows attackers to bypass access controls. Attackers ...

This CVE describes a Missing Authorization vulnerability in the WebinarIgnition WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a Missing Authorization vulnerability in the miniOrange Google Authenticator WordPress plugin, allowing attackers to bypass intende...

This CVE describes a Missing Authorization vulnerability in the WordPress Login Page Customizer plugin that allows attackers to bypass access controls...

This CVE describes a missing authorization vulnerability in the WordPress Get Cash plugin that allows attackers to bypass access controls. Attackers c...

This vulnerability allows third-party Android apps to directly enable ADB debugging on affected Transsion devices without user permission or interacti...

The WP Social Ninja WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to view and modify the plugin's a...

This vulnerability allows unauthorized users with API access to read all knowledge base entries in GLPI software. It affects GLPI installations from v...

This CVE describes a missing authorization vulnerability in the Watu Quiz WordPress plugin that allows attackers to bypass access controls. Attackers ...

This CVE describes a Missing Authorization vulnerability in the WordPress Read More & Accordion plugin (expand-maker) that allows attackers to bypass ...

This vulnerability in Misskey allows unauthorized users to export and view posts from favorites or clips they shouldn't have access to. It affects Mis...

The MediaCommander WordPress plugin has an authorization flaw that allows authenticated users with Author-level permissions or higher to delete all fo...

The Popup Builder (Easy Notify Lite) WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-lev...

The BuddyTask WordPress plugin has missing capability checks on AJAX endpoints, allowing authenticated users with Subscriber-level access or higher to...

This CVE describes a Missing Authorization vulnerability in the Listdom WordPress plugin by Webilia Inc. that allows attackers to bypass access contro...

This CVE describes a missing authorization vulnerability in the WP Delicious delicious-recipes WordPress plugin that allows attackers to bypass access...

This CVE describes a Missing Authorization vulnerability in the Wealcoder Animation Addons for Elementor WordPress plugin that allows attackers to del...

This CVE describes a Missing Authorization vulnerability in the Yandex.Metrica WordPress plugin that allows attackers to exploit incorrectly configure...

This CVE describes a missing authorization vulnerability in the Gutenverse News WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a missing authorization vulnerability in the Gutenverse Form WordPress plugin that allows attackers to bypass access controls. It a...

The UiPress Lite WordPress plugin has a vulnerability that allows authenticated attackers with subscriber-level access or higher to extract sensitive ...

This vulnerability in the Directorist WordPress plugin allows authenticated attackers with Subscriber-level access or higher to export listing details...

The ACF Flexible Layouts Manager WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify custom fi...

This CVE describes a missing authorization vulnerability in the Contact Form Email WordPress plugin that allows attackers to bypass access controls. A...

This CVE describes a missing authorization vulnerability in the Ays Pro Survey Maker WordPress plugin that allows attackers to bypass access controls....

This CVE describes a missing authorization vulnerability in the Theater for WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a Missing Authorization vulnerability in the Appointment Booking Calendar WordPress plugin that allows attackers to bypass access c...

Apache OpenOffice versions through 4.1.15 have a missing authorization vulnerability where documents containing OLE objects with external links can au...

The Ovatheme Events Manager WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to perform administrat...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete arbitrary user accounts, including administra...

This CVE describes a missing authorization (broken access control) vulnerability in the uxper Togo WordPress theme. It allows attackers to access func...

This CVE describes a Missing Authorization vulnerability in the Bux Woocommerce plugin for WordPress, allowing attackers to access functionality not p...

This CVE describes a Missing Authorization vulnerability in the Jock On Air Now (JOAN) WordPress plugin that allows attackers to bypass access control...

CVE-2025-63294 is an insecure permissions vulnerability in WorkDo HRM SaaS HR and Payroll Tool 8.1 that allows authenticated users to create leave or ...

The All in One Time Clock Lite WordPress plugin up to version 2.0.3 allows unauthenticated attackers to perform admin-level actions due to missing aut...

This vulnerability allows authenticated users to append comments or upload attachments to tickets they are not authorized to view or edit in FairSketc...

Nagios XI versions before 2012R1.6 have an authorization flaw in Auto-Discovery functionality. Users with read-only permissions can access Auto-Discov...

This vulnerability in the Anti-Malware Security and Brute-Force Firewall WordPress plugin allows authenticated attackers with Subscriber-level access ...

This vulnerability allows authenticated users in Liferay Portal/DXP to access and select unauthorized Blueprints through Collection Providers across i...

This CVE describes a missing authorization vulnerability in the FRESHFACE Custom CSS WordPress plugin that allows attackers to bypass access controls....

This vulnerability in the LearnPress WordPress LMS plugin allows unauthenticated attackers to perform destructive database operations via REST API end...

A missing authorization vulnerability in Drupal Facets allows attackers to access restricted content through forceful browsing. This affects Drupal si...

This CVE describes a missing authorization vulnerability in the Theme My Login WordPress plugin that allows attackers to bypass access controls. Attac...

This CVE describes a Missing Authorization vulnerability in VW THEMES Ibtana WordPress plugin that allows attackers to delete arbitrary content withou...

This CVE describes a missing authorization vulnerability in the MasterStudy LMS WordPress plugin that allows attackers to bypass access controls and p...

A missing authorization vulnerability in the PickPlugins Accordion WordPress plugin allows attackers to bypass intended access controls. This affects ...

This CVE describes a Missing Authorization vulnerability in the Gutentor WordPress plugin that allows attackers to exploit incorrectly configured acce...

This CVE describes a missing authorization vulnerability in the Post Carousel Slider for Elementor WordPress plugin. Attackers can exploit incorrectly...

This CVE describes a missing authorization vulnerability in the WordPress Editor Custom Color Palette plugin that allows attackers to bypass access co...

CubeCart versions before 6.5.11 contain a logic flaw in the newsletter subscription endpoint that allows attackers to unsubscribe any user without con...