CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (3,035)
CubeCart versions before 6.5.11 contain a logic flaw in the newsletter subscription endpoint that allows attackers to unsubscribe any user without con...
Sep 22, 2025
Mattermost versions 10.10.x through 10.10.1 fail to properly sanitize user data during shared channel synchronization, allowing malicious remote clust...
Sep 15, 2025
CVE-2025-39541 is a missing authorization vulnerability in the WP Simple Booking Calendar WordPress plugin that allows attackers to perform unauthoriz...
Sep 9, 2025
CVE-2025-42912 is an authorization bypass vulnerability in SAP HCM My Timesheet Fiori 2.0 that allows authenticated users to perform unauthorized acti...
Sep 9, 2025
This CVE describes a missing authorization vulnerability in the VillaTheme HAPPY WordPress plugin that allows attackers to bypass access controls. It ...
Sep 5, 2025
This CVE describes a missing authorization vulnerability in the Stylemix MasterStudy LMS WordPress plugin that allows attackers to bypass access contr...
Sep 5, 2025
The AI Engine WordPress plugin up to version 2.9.5 lacks proper authentication checks in its REST API endpoints, allowing unauthenticated attackers to...
Sep 3, 2025
CVE-2025-58616 is a missing authorization vulnerability in Frisbii Pay WordPress plugin that allows attackers to bypass access controls and potentiall...
Sep 3, 2025
This vulnerability allows attackers to bypass authorization controls in the All Bootstrap Blocks WordPress plugin, potentially accessing or modifying ...
Aug 28, 2025
This CVE describes a missing authorization vulnerability in the Houzez CRM WordPress plugin that allows attackers to bypass access controls. It affect...
Aug 28, 2025
This CVE describes a missing authorization vulnerability in the Mojoomla School Management WordPress plugin that allows attackers to bypass access con...
Aug 26, 2025
This CVE describes an authorization bypass vulnerability in flaskBlog where admin role checks are only performed on the main /admin route but not on s...
Aug 19, 2025
This CVE describes a Missing Authorization vulnerability in The Plus Addons for Elementor Page Builder Lite WordPress plugin that allows attackers to ...
Aug 14, 2025
This vulnerability allows an authenticated low-privileged remote attacker to bypass authorization and access troubleshoot files from different domains...
Aug 14, 2025
This CVE describes a Missing Authorization vulnerability in the DB Backup WordPress plugin that allows attackers to exploit incorrectly configured acc...
Aug 14, 2025
This vulnerability allows authenticated remote attackers to reset administrator passwords in Ivanti Virtual Application Delivery Controller (vADC) adm...
Aug 12, 2025
This vulnerability in the Malcure Malware Scanner WordPress plugin allows authenticated attackers with subscriber-level access or higher to read arbit...
Jul 18, 2025
This CVE describes a missing authorization vulnerability in WPFactory's Product XML Feed Manager for WooCommerce plugin. It allows attackers to exploi...
Jul 16, 2025
This vulnerability in Conjur secrets management software allows authenticated attackers to inject unauthorized resources into the database and bypass ...
Jul 15, 2025
This CVE describes a missing authorization vulnerability in the VG WORT METIS WordPress plugin that allows attackers to bypass access controls. Attack...
Jul 4, 2025
This CVE describes a missing authorization vulnerability in the pankaj.sakaria CMS Blocks WordPress plugin that allows attackers to bypass intended ac...
Jun 27, 2025
This CVE describes a Missing Authorization vulnerability in the WP Dummy Content Generator WordPress plugin that allows attackers to delete arbitrary ...
Jun 17, 2025
This CVE describes a Missing Authorization vulnerability in Drupal's Bookable Calendar module that allows attackers to access restricted functionality...
Jun 13, 2025
This CVE describes a Missing Authorization vulnerability in the StyleAI WordPress plugin that allows attackers to access functionality not properly re...
Jun 9, 2025
This CVE describes a Missing Authorization vulnerability in Woo Slider Pro WordPress plugin that allows attackers to delete arbitrary slider content w...
May 30, 2025
This CVE describes a Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce WordPress plugin. It allows attackers to...
May 19, 2025
This CVE describes a Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal that allows forceful browsing. Attackers can bypass...
May 14, 2025
An authenticated user without proper permissions can view other users' account information in affected software. This information disclosure vulnerabi...
May 12, 2025
This CVE describes a Missing Authorization vulnerability in the RelyWP AI Text to Speech WordPress plugin that allows attackers to bypass access contr...
Apr 17, 2025
This CVE describes a missing authorization vulnerability in WP Helper Premium plugin that allows attackers to access functionality not properly constr...
Apr 17, 2025
This CVE describes a missing authorization vulnerability in the FADI MED Editor Wysiwyg Background Color WordPress plugin that allows attackers to byp...
Apr 17, 2025
This CVE describes a Missing Authorization vulnerability in the Themefic Instantio WordPress plugin that allows attackers to change plugin settings wi...
Apr 17, 2025
This CVE describes a Missing Authorization vulnerability in the WordPress 'Delete All Posts' plugin that allows attackers to delete all posts without ...
Apr 17, 2025
This CVE describes a Missing Authorization vulnerability in the WordPress Internal Link Optimiser plugin that allows attackers to change plugin settin...
Apr 10, 2025
This CVE describes a missing authorization vulnerability in the WordPress Site Notify plugin that allows attackers to bypass access controls. Attacker...
Apr 10, 2025
This CVE describes a missing authorization vulnerability in the Specia Companion WordPress plugin that allows attackers to bypass access controls. Att...
Apr 10, 2025
This CVE describes a Missing Authorization vulnerability in the Shiptrack Booking Calendar and Notification WordPress plugin that allows attackers to ...
Apr 4, 2025
This CVE describes a Missing Authorization vulnerability in Eniture Technology's Pallet Packaging for WooCommerce plugin that allows attackers to bypa...
Apr 4, 2025
CVE-2025-31858 is a missing authorization vulnerability in the Local Magic WordPress plugin that allows attackers to bypass access controls and perfor...
Apr 3, 2025
This CVE describes a Missing Authorization vulnerability in the OTWthemes Widget Manager Light WordPress plugin that allows attackers to access functi...
Apr 3, 2025
CVE-2025-31736 is a missing authorization vulnerability in the richtexteditor WordPress plugin that allows attackers to bypass access controls and per...
Apr 3, 2025
This CVE describes a missing authorization vulnerability in the TuriTop Booking System WordPress plugin that allows attackers to bypass access control...
Apr 3, 2025
This CVE describes a Missing Authorization vulnerability in the Residential Address Detection WordPress plugin that allows attackers to bypass access ...
Apr 3, 2025
This CVE describes a Missing Authorization vulnerability in the WordPress Append Content plugin that allows attackers to change plugin settings withou...
Apr 1, 2025
This CVE describes a Missing Authorization vulnerability in the Blocksera Cryptocurrency Widgets Pack WordPress plugin that allows attackers to bypass...
Mar 31, 2025
This vulnerability allows unauthorized users to create or modify checklists in lunary-ai/lunary, bypassing permission checks. Attackers can also spoof...
Mar 20, 2025
In lunary-ai/lunary version 1.5.6, the /v1/evaluators/ endpoint lacks proper access control, allowing any authenticated user associated with a project...
Mar 20, 2025
The GiveWP WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to access sensitive earnings report data. This af...
Mar 15, 2025
This vulnerability in the WC Affiliate WordPress plugin allows authenticated attackers with Subscriber-level access or higher to export sensitive affi...
Mar 15, 2025
The Hero Mega Menu WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any directory on the ...
Mar 5, 2025
About Missing Authorization (CWE-862)
Our database tracks 3,035 CVEs classified as CWE-862, with 225 rated critical and 844 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.
External reference: View CWE-862 on MITRE CWE →