CWE-862: Missing Authorization

The Hero Mega Menu WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any directory on the ...

This CVE describes a Missing Authorization vulnerability in the WAH Forms WordPress plugin that allows attackers to bypass access controls and access ...

This vulnerability allows unauthorized users to access functionality intended only for authenticated administrators in the WP Journal WordPress plugin...

This CVE describes a Missing Authorization vulnerability in the ts-tree WordPress plugin that allows attackers to delete arbitrary content without pro...

This CVE describes a Missing Authorization vulnerability in the Small Package Quotes – Unishippers Edition WordPress plugin that allows attackers to...

This vulnerability allows unauthorized users to access data sources they shouldn't have permission to view or modify in Hitachi Vantara Pentaho Busine...

This CVE describes a Missing Authorization vulnerability in the WordPress plugin 'LTL Freight Quotes – Unishippers Edition' that allows attackers to...

This CVE describes a Missing Authorization vulnerability in the OPSI Israel Domestic Shipments WordPress plugin that allows attackers to bypass access...

CVE-2025-23534 is a missing authorization vulnerability in the WPLingo WordPress plugin that allows attackers to delete arbitrary content without prop...

This vulnerability allows authenticated low-privileged attackers to enumerate user accounts in Q-Free MaxTime systems via crafted HTTP requests to the...

This vulnerability allows authenticated low-privileged attackers to modify user data in Q-Free MaxTime systems via crafted HTTP requests. It affects a...

This vulnerability in GitLab allows unauthorized users to view confidential issue titles and descriptions from public projects via the user interface....

This CVE describes a missing authorization vulnerability in the Ksher WordPress payment plugin that allows attackers to bypass access controls. Attack...

This CVE describes a missing authorization vulnerability in the Realwebcare Image Gallery WordPress plugin that allows attackers to bypass access cont...

This CVE describes a Missing Authorization vulnerability in WPGuppy WordPress plugin that allows attackers to bypass access controls. It affects all W...

This CVE describes a Missing Authorization vulnerability in the WC Wallet WordPress plugin that allows attackers to access functionality not properly ...

This CVE describes a Missing Authorization vulnerability in the mgplugin EMI Calculator WordPress plugin that allows attackers to change plugin settin...

This vulnerability allows malicious webpages to bypass file system access restrictions and fingerprint users on Apple devices. It affects macOS, iOS, ...

This CVE describes a Missing Authorization vulnerability in the WordPress Donate visa plugin that allows attackers to inject malicious scripts via sto...

This CVE describes a Missing Authorization vulnerability in the Blokhaus Minterpress WordPress plugin that allows attackers to delete arbitrary conten...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to update arbitrary plugin options, including setting v...

This CVE describes a Missing Authorization vulnerability in the WordPress 12 Step Meeting List plugin that allows unauthorized users to delete arbitra...

This CVE describes a missing authorization vulnerability in the Patreon WordPress plugin that allows attackers to bypass access controls. It affects W...

The Jobify WordPress theme has missing capability checks that allow unauthenticated attackers to make arbitrary web requests and upload image files. T...

This CVE describes a Missing Authorization vulnerability in the NotFound Database Sync WordPress plugin that allows attackers to bypass access control...

This vulnerability in JetBrains TeamCity allows unauthorized decryption of connection secrets via the Test Connection endpoint. Attackers with access ...

CVE-2024-50967 is an unauthenticated access control vulnerability in Becon DATAGerry's REST API that allows attackers to remotely query user rights an...

The Sandbox WordPress plugin allows authenticated attackers with Subscriber-level access or higher to download entire sandbox environments containing ...

This CVE describes a Missing Authorization vulnerability in the Drupal Entity Delete Log module that allows attackers to perform forceful browsing to ...

The Infility Global WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher to modify p...

This CVE describes a missing authorization vulnerability in the Putler Connector for WooCommerce plugin that allows unauthenticated attackers to perfo...

This CVE describes a Missing Authorization vulnerability in the IDX IMPress Listings WordPress plugin that allows attackers to bypass access controls....

CVE-2022-45830 is a missing authorization vulnerability in the Analytify WordPress plugin that allows authenticated users with low privileges to perfo...

This CVE describes a Missing Authorization vulnerability in the WP CTA PRO WordPress plugin that allows attackers to exploit incorrectly configured ac...

CVE-2023-47180 is a missing authorization vulnerability in the Finale Lite WordPress plugin that allows attackers to delete arbitrary content without ...

This CVE describes a Missing Authorization vulnerability in the Quill Forms WordPress plugin that allows attackers to exploit incorrectly configured a...

CVE-2023-46195 is a missing authorization vulnerability in the CoSchedule Headline Analyzer WordPress plugin, allowing attackers to bypass access cont...

This vulnerability allows attackers to bypass authorization controls in Kali Forms WordPress plugin, potentially accessing or modifying form data with...

This CVE describes a Missing Authorization vulnerability in the Smart Shopify Product WordPress plugin, allowing unauthorized users to delete arbitrar...

The WP BASE Booking plugin for WordPress has a missing capability check that allows authenticated users with Subscriber-level access or higher to expo...

This CVE describes a Missing Authorization vulnerability in the WordPress 'Order Delivery & Pickup Location Date Time' plugin that allows attackers to...

This CVE describes a Missing Authorization vulnerability in the Ksher WordPress payment plugin that allows attackers to bypass access controls. Attack...

This vulnerability in GeoVision GV-ASManager allows remote attackers to access sensitive information without proper authorization. Attackers can use d...

This CVE describes a missing authorization vulnerability in the GEO my WordPress plugin that allows attackers to bypass access controls. It affects al...

This CVE describes a Missing Authorization vulnerability in the Elite Notification WordPress plugin that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the Easy Newsletter Signups WordPress plugin that allows attackers to bypass access contro...

This CVE describes a missing authorization vulnerability in the WPSchoolPress WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a missing authorization vulnerability in the Uncanny Toolkit for LearnDash WordPress plugin that allows attackers to bypass access ...

This vulnerability allows attackers to bypass authorization controls in the Easy Captcha WordPress plugin, potentially accessing administrative functi...

This CVE describes a missing authorization vulnerability in Slimstat Analytics WordPress plugin that allows attackers to bypass access controls. It af...