CWE-862: Missing Authorization

CVE-2022-46796 is a Missing Authorization vulnerability in VillaTheme CURCY (WooCommerce Multi-Currency) WordPress plugin that allows unauthenticated ...

This CVE describes a Missing Authorization vulnerability in LA-Studio Element Kit for Elementor WordPress plugin. It allows attackers to exploit incor...

This CVE describes a Missing Authorization vulnerability in the Sharkdropship WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a Missing Authorization vulnerability in the 360 Javascript Viewer WordPress plugin that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in the Mondial Relay WooCommerce - WCMultiShipping plugin for WordPress. It allows attackers ...

This CVE describes a missing authorization vulnerability in the NicheAddons Restaurant & Cafe Addon for Elementor WordPress plugin. It allows attacker...

This CVE describes a Missing Authorization vulnerability in the Ditty WordPress plugin that allows attackers to bypass access controls. It affects all...

This CVE describes a Missing Authorization vulnerability in the Ni WooCommerce Sales Report WordPress plugin that allows attackers to bypass access co...

This CVE describes a missing authorization vulnerability in the WP Repost WordPress plugin that allows attackers to bypass access controls. Attackers ...

This CVE describes a missing authorization vulnerability in the Fullworks Quick Contact Form WordPress plugin that allows attackers to exploit incorre...

This CVE describes a missing authorization vulnerability in the WP Mailster WordPress plugin that allows attackers to bypass access controls. Attacker...

CVE-2024-49581 is an authorization bypass vulnerability in Palantir Foundry's Object Explorer where users without proper permissions could view restri...

The ProfileGrid WordPress plugin has an authorization vulnerability that allows authenticated users (even with low-privilege subscriber accounts) to d...

The Styler for Ninja Forms WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher to d...

The CE21 Suite WordPress plugin up to version 2.2.0 has an authentication bypass vulnerability that allows unauthenticated attackers to modify plugin ...

This CVE describes a Missing Authorization vulnerability in the WPVibes Elementor Addon Elements WordPress plugin. It allows attackers to exploit inco...

This CVE describes a missing authorization vulnerability in the Templately WordPress plugin that allows attackers to access functionality not properly...

This CVE describes a Missing Authorization vulnerability in the Blockbooster WordPress theme that allows attackers to access functionality not properl...

CVE-2024-43929 is a missing authorization vulnerability in the eyecix JobSearch WordPress plugin that allows attackers to access functionality not pro...

This CVE describes a missing authorization vulnerability in the UkrSolution Print Barcode Labels for WooCommerce WordPress plugin. It allows attackers...

This CVE describes a missing authorization vulnerability in the Bitly WordPress plugin that allows attackers to access functionality not properly cons...

This CVE describes a Missing Authorization vulnerability in the Robin Image Optimizer WordPress plugin that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in the CreativeMotion Titan Anti-spam & Security WordPress plugin that allows attackers to by...

CVE-2024-38771 is a missing authorization vulnerability in the Atarim WordPress plugin that allows attackers to access functionality not properly cons...

This CVE describes a missing authorization vulnerability in the Charitable WordPress plugin that allows attackers to access functionality not properly...

This CVE describes a missing authorization vulnerability in the WordPress Newspack Content Converter plugin that allows attackers to bypass access con...

This CVE describes a broken access control vulnerability in the Prism IT Systems User Rights Access Manager WordPress plugin. It allows unauthorized u...

This CVE describes a missing authorization vulnerability in the Templately WordPress plugin that allows attackers to bypass access controls. It affect...

The Download Plugin for WordPress has missing capability checks that allow authenticated attackers with Subscriber-level access or higher to download ...

This vulnerability in the Premium Addons for Elementor WordPress plugin allows authenticated attackers with subscriber-level access or higher to modif...

The Linkz.ai WordPress plugin versions up to 1.1.8 contain missing capability checks on the 'check_auth' and 'check_logout' functions, allowing unauth...

The Rank Math SEO WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify or delete metadata. This ...

This vulnerability allows unauthenticated attackers to change plugin settings in the Z Y N I T H WordPress plugin. It affects all WordPress sites runn...

This vulnerability allows unauthenticated attackers to deactivate the Smart Online Order for Clover WordPress plugin and delete all its database table...

The GiveWP WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify event ticket settings when the E...

CVE-2024-42376 is an authorization bypass vulnerability in SAP Shared Service Framework where authenticated users can escalate privileges without prop...

The Social Auto Poster WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to delete arbitrary posts. Th...

This vulnerability in the ArtPlacer Widget WordPress plugin allows any authenticated user, including low-privilege subscribers, to delete arbitrary wi...

The Sparkle Demo Importer WordPress plugin has missing capability checks that allow authenticated attackers with Subscriber-level access or higher to ...

The Materialis WordPress theme has an authorization bypass vulnerability that allows authenticated users with minimal permissions (like subscribers) t...

This CVE describes a Missing Authorization (Broken Access Control) vulnerability in the WooCommerce Ship to Multiple Addresses WordPress plugin. It al...

CVE-2023-35050 is a missing authorization vulnerability in Elementor Pro WordPress plugin that allows subscribers to perform actions intended only for...

This vulnerability in the Scheduling Plugin – Online Booking for WordPress allows unauthenticated attackers to disconnect the plugin from the startb...

This CVE describes a Missing Authorization vulnerability in the WooCommerce Warranty Requests WordPress plugin. It allows unauthorized users to access...

This CVE describes a Missing Authorization vulnerability in the SKU Label Changer For WooCommerce WordPress plugin. It allows attackers to perform una...

This CVE describes a Missing Authorization vulnerability in the BookingPress WordPress plugin that allows unauthenticated users to manipulate appointm...

This CVE describes a Missing Authorization vulnerability in the If-So Dynamic Content Personalization WordPress plugin. It allows unauthorized users t...

This CVE describes a Missing Authorization vulnerability in the Copymatic WordPress plugin that allows unauthorized users to perform actions intended ...

CVE-2024-34691 is an authorization bypass vulnerability in SAP S/4HANA's Manage Incoming Payment Files (F1680) transaction. Authenticated users can pe...

This CVE describes a Missing Authorization vulnerability in YITH WooCommerce Account Funds Premium plugin for WordPress. It allows attackers to bypass...