CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in the Booster Plus for WooCommerce WordPress plugin. Authenticated users can delete arbitrar...

This CVE-2024-2035 vulnerability allows any authenticated user in the ZenML platform to modify other users' information, including deactivating their ...

CVE-2024-33938 is a missing authorization vulnerability in the WordPress Sliding Widgets plugin that allows attackers to perform cross-site scripting ...

This CVE describes a missing authorization vulnerability in the WordPress SchedulePress plugin that allows unauthorized users to perform actions they ...

This vulnerability in BMC Track-It! allows authenticated attackers to access sensitive information through the GetData endpoint due to missing authori...

This CVE describes a Missing Authorization vulnerability in the ilGhera JW Player for WordPress plugin. It allows attackers to perform actions without...

This CVE describes a Missing Authorization vulnerability in the RomethemeKit For Elementor WordPress plugin. It allows attackers to bypass access cont...

This vulnerability in Tutor LMS WordPress plugin allows unauthenticated attackers to enable user registration on WordPress sites where it was previous...

This CVE describes a Missing Authorization vulnerability in the Kestrel WooCommerce AWeber Newsletter Subscription WordPress plugin. It allows unauthe...

CVE-2022-0579 is a missing authorization vulnerability in Snipe-IT asset management software that allows authenticated users to access unauthorized fu...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to inject malicious JavaScript into AffiliateX plugin s...

This CVE describes an authorization bypass vulnerability in TYPO3 CMS where backend users with redirect module access and write permissions could mani...

This vulnerability in the Flow-Flow Social Feed Stream WordPress plugin allows authenticated attackers with Subscriber-level access or higher to modif...

The UiPress Lite WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to save te...

The Simple Downloads List WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or h...

This vulnerability in flaskBlog v2.6.1 allows attackers to delete arbitrary user accounts without proper authorization. Attackers can exploit incorrec...

A missing authorization vulnerability in Spider Elements – Addons for Elementor WordPress plugin allows attackers to bypass intended access controls...

This CVE describes a missing authorization vulnerability in the Think201 Clients WordPress plugin that allows attackers to bypass access controls. It ...

This vulnerability allows authenticated attackers with Subscriber-level access or higher to inject malicious scripts into WordPress sites using the Pu...

This CVE describes a missing authorization vulnerability in the Sprout Invoices WordPress plugin that allows attackers to bypass access controls. It a...

This vulnerability in the Greenshift WordPress plugin allows authenticated users with Subscriber-level access or higher to perform Server-Side Request...

A missing authorization vulnerability in POSIMYTH Nexter Blocks WordPress plugin allows attackers to exploit incorrectly configured access control sec...

This CVE describes a Missing Authorization vulnerability in the MightyForms WordPress plugin that allows attackers to bypass access controls and perfo...

This CVE describes a Missing Authorization vulnerability in the Themeum WP Crowdfunding WordPress plugin that allows attackers to change plugin settin...

This CVE describes a Missing Authorization vulnerability in the WordPress plugin 'Registrations for the Events Calendar' that allows attackers to bypa...

This vulnerability in CVAT allows authenticated attackers to view webhook delivery information for any webhook on the instance, including those belong...

This vulnerability in WooCommerce Product Table Lite plugin allows authenticated users with subscriber-level access or higher to modify arbitrary post...

This vulnerability allows remote attackers to delete workflow instances without proper authorization in Dromara RuoYi-Vue-Plus. It affects systems run...

This vulnerability in PHPGurukul Small CRM 4.0 allows unauthorized access to the edit-user.php admin function, enabling attackers to modify user accou...

This CVE describes a Missing Authorization vulnerability in the XStore WordPress theme that allows attackers to bypass access controls. It affects all...

This CVE describes a broken access control vulnerability in Milestone Systems XProtect VMS where users with read-only access to the Management Server ...

This vulnerability in Synology Mail Server allows authenticated remote attackers to modify non-sensitive settings and disable certain non-critical fun...

This CVE describes a missing authorization vulnerability in the JetFormBuilder WordPress plugin that allows attackers to bypass access controls. Attac...

This vulnerability in IBM App Connect Enterprise allows authenticated users to perform unauthorized actions on customer-defined resources due to missi...

This CVE describes a Missing Authorization vulnerability in the Breeze Checkout WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a missing authorization vulnerability in JhumanJ OpnForm's API endpoint at /custom-domains. Attackers can exploit this to perform u...

This critical vulnerability in xujeff tianti (天梯) up to version 2.3 allows remote attackers to bypass authorization controls on the /tianti-module...

The Lead Form Data Collection to CRM WordPress plugin has a missing capability check vulnerability that allows authenticated attackers with Subscriber...

CVE-2025-23440 is a missing authorization vulnerability in the radSLIDE WordPress plugin that allows attackers to bypass access controls and potential...

This CVE describes a missing authorization vulnerability in the EPC Photography WordPress theme that allows unauthorized users to access restricted fu...

CVE-2025-1214 is a critical missing authorization vulnerability in PiHome 2.0's role-based access control system that allows remote attackers to bypas...

The MagicForm WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or higher to perfo...

The AI Power WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to upload imag...

This CVE describes a Missing Authorization vulnerability in the Sonaar Music MP3 Audio Player WordPress plugin that allows attackers to access functio...

This CVE describes a missing authorization vulnerability in Pinpoint Booking System WordPress plugin that allows attackers to bypass access controls. ...

CVE-2023-27449 is a missing authorization vulnerability in TotalSuite Total Poll Lite WordPress plugin that allows attackers to exploit incorrectly co...

This vulnerability in the Freemius SDK allows attackers to perform Cross-Site Request Forgery attacks and access sensitive information due to missing ...

The Discount Rules for WooCommerce WordPress plugin has missing authorization checks on AJAX endpoints, allowing authenticated users with subscriber-l...

This vulnerability in the WordPress Spreadsheet Integration plugin allows authenticated attackers with Subscriber-level access or higher to modify dat...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to modify forms and settings in the Classified Listing ...