CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in the WordPress AJAX Hits Counter + Popular Posts Widget plugin. It allows attackers to expl...

This CVE describes a Missing Authorization vulnerability in WisdmLabs Edwiser Bridge WordPress plugin that allows attackers to bypass access controls ...

This CVE describes a Missing Authorization vulnerability in the Cloudinary WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a Missing Authorization vulnerability in the FluentBoards WordPress plugin that allows attackers to exploit incorrectly configured ...

This CVE describes a Missing Authorization vulnerability in the Monetag Official WordPress plugin that allows attackers to exploit incorrectly configu...

This CVE describes a missing authorization vulnerability in the WordPress Integrate Google Drive plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Premium Addons for Elementor WordPress plugin that allows attackers to change plugin s...

This CVE describes a Missing Authorization vulnerability in the merkulove Scroller WordPress plugin that allows attackers to bypass access controls. I...

This CVE describes a Missing Authorization vulnerability in the Comparimager for Elementor WordPress plugin that allows attackers to bypass access con...

This CVE describes a Missing Authorization vulnerability in the merkulove Crumber Elementor WordPress plugin that allows attackers to exploit incorrec...

This CVE describes a Missing Authorization vulnerability in the Audier For Elementor WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Uper for Elementor WordPress plugin that allows attackers to exploit incorrectly confi...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to delete arbitrary attachments on sites running vulner...

The Events Calendar WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or higher ...

The Image Photo Gallery Final Tiles Grid WordPress plugin has insufficient access controls on AJAX endpoints, allowing authenticated users with Contri...

CrawlChat versions before 0.0.8 lack proper permission checks for Discord bot commands, allowing any Discord guild member to inject malicious content ...

The WP-CRM System WordPress plugin has missing capability checks on two AJAX functions, allowing authenticated users with subscriber-level access or h...

The WP Duplicate Page WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level access or high...

This CVE describes a Missing Authorization vulnerability in the LPagery WordPress plugin that allows attackers to bypass access controls. Attackers ca...

This CVE describes a Missing Authorization vulnerability in the GA4WP: Google Analytics for WordPress plugin that allows attackers to exploit incorrec...

The aBlocks WordPress plugin has missing capability checks on AJAX actions, allowing authenticated attackers with subscriber-level access to read sens...

This CVE describes a Missing Authorization vulnerability in the WPCenter AffiliateX WordPress plugin that allows attackers to exploit incorrectly conf...

This CVE describes a missing authorization vulnerability in the CoolHappy The Events Calendar Countdown Addon for WordPress. It allows attackers to ex...

This CVE describes a Missing Authorization vulnerability in the Fahad Mahmood RSS Feed Widget WordPress plugin that allows attackers to exploit incorr...

This CVE describes a missing authorization vulnerability in StellarWP's The Events Calendar WordPress plugin that allows attackers to bypass intended ...

This CVE describes a missing authorization vulnerability in the WordPress Proxy & VPN Blocker plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the Better Business Reviews WordPress plugin that allows attackers to exploit incorrectly ...

This CVE describes a Missing Authorization vulnerability in the WeDesignTech Ultimate Booking Addon WordPress plugin that allows attackers to bypass a...

This CVE describes a Missing Authorization vulnerability in BoldGrid Post and Page Builder WordPress plugin that allows attackers to bypass access con...

This CVE describes a Missing Authorization vulnerability in the Worker for Elementor WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Worker for WPBakery WordPress plugin that allows attackers to bypass access controls. ...

A missing authorization vulnerability in the Logger for Elementor WordPress plugin allows attackers to bypass access controls and potentially view or ...

This CVE describes a Missing Authorization vulnerability in the Conformer for Elementor WordPress plugin that allows attackers to bypass intended acce...

This CVE describes a Missing Authorization vulnerability in the merkulove UnGrabber WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the merkulove Appender WordPress plugin that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the Countdowner for Elementor WordPress plugin that allows attackers to bypass access cont...

This CVE describes a Missing Authorization vulnerability in the merkulove Criptopayer for Elementor WordPress plugin that allows attackers to exploit ...

This CVE describes a Missing Authorization vulnerability in the Headinger for Elementor WordPress plugin that allows attackers to exploit incorrectly ...

This CVE describes a Missing Authorization vulnerability in the Gmaper for Elementor WordPress plugin that allows attackers to bypass intended access ...

This CVE describes a Missing Authorization vulnerability in the Walker for Elementor WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Select Graphist for Elementor WordPress plugin that allows attackers to exploit incorr...

This CVE describes a Missing Authorization vulnerability in the Questionar for Elementor WordPress plugin that allows attackers to bypass intended acc...

CVE-2025-66156 is a missing authorization vulnerability in the Watcher for Elementor WordPress plugin that allows attackers to bypass access controls ...

A missing authorization vulnerability in the merkulove Slider for Elementor WordPress plugin allows attackers to bypass intended access controls. This...

This CVE describes a Missing Authorization vulnerability in the Couponer for Elementor WordPress plugin that allows attackers to exploit incorrectly c...

This CVE describes a Missing Authorization vulnerability in the WP Attachments WordPress plugin that allows attackers to bypass intended access contro...

This CVE describes a Missing Authorization vulnerability in the Vollstart Serial Codes Generator and Validator with WooCommerce Support WordPress plug...

This CVE describes a Missing Authorization vulnerability in the Totalsoft Portfolio Gallery WordPress plugin that allows attackers to bypass access co...

This CVE describes a Missing Authorization vulnerability in the SaifuMak Add Custom Codes WordPress plugin that allows attackers to bypass access cont...

This CVE describes a Missing Authorization vulnerability in the WordPress Core Web Vitals & PageSpeed Booster plugin that allows attackers to exploit ...