CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in the Product Delivery Date for WooCommerce – Lite WordPress plugin that allows attackers ...

This CVE describes a missing authorization vulnerability in the HR Management Lite WordPress plugin that allows attackers to bypass access controls. I...

This CVE describes a Missing Authorization vulnerability in the Better Elementor Addons WordPress plugin that allows attackers to bypass access contro...

This CVE describes a Missing Authorization vulnerability in HappyFiles Pro WordPress plugin that allows attackers to bypass access controls. It affect...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to bypass authorization checks in the Image Photo Gall...

This CVE describes a missing authorization vulnerability in the Sparkle WP Construction Light WordPress theme that allows attackers to bypass intended...

This CVE describes a missing authorization vulnerability in the Sparkle FSE WordPress theme that allows attackers to bypass access controls. It affect...

This CVE describes a Missing Authorization vulnerability in the Huger for Elementor WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the Ultimate Auction WordPress plugin that allows attackers to bypass access controls. It ...

This CVE describes a Missing Authorization vulnerability in the Buttoner for Elementor WordPress plugin that allows attackers to change plugin setting...

This CVE describes a Missing Authorization vulnerability in the Reformer for Elementor WordPress plugin that allows attackers to exploit incorrectly c...

This CVE describes a missing authorization vulnerability in the Modalier for Elementor WordPress plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the merkulove Lottier WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a Missing Authorization vulnerability in the FileBird Pro WordPress plugin that allows attackers to bypass access controls. Attacke...

This CVE describes a Missing Authorization vulnerability in the merkulove Coder for Elementor WordPress plugin that allows attackers to exploit incorr...

This CVE describes a missing authorization vulnerability in the Grider for Elementor WordPress plugin that allows attackers to bypass intended access ...

This CVE describes a Missing Authorization vulnerability in the Spoter for Elementor WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Masker for Elementor WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Laser WordPress plugin that allows attackers to bypass access controls. It affects all...

This CVE describes a Missing Authorization vulnerability in the Lottier for WPBakery WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Lottier for Elementor WordPress plugin that allows attackers to bypass intended access...

This CVE describes a missing authorization vulnerability in the Essential Real Estate WordPress plugin that allows attackers to bypass access controls...

This CVE describes a missing authorization vulnerability in the Stylish Price List WordPress plugin that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the Feeds for YouTube WordPress plugin that allows attackers to bypass access controls. It...

This vulnerability allows users with Contributor-level access in WordPress to modify reCAPTCHA settings in the Spectra plugin, which should be restric...

This CVE describes a Missing Authorization vulnerability in the vcita Online Booking & Scheduling Calendar WordPress plugin that allows attackers to e...

This CVE describes a missing authorization vulnerability in the Debug Log Viewer WordPress plugin that allows unauthorized users to access debug logs....

This CVE describes a Missing Authorization vulnerability in the WordPress Page View Count plugin that allows unauthorized users to change plugin setti...

This vulnerability allows unauthorized users to access functionality intended only for authenticated users in the Order Delivery Date for WooCommerce ...

This CVE describes a missing authorization vulnerability in the Litho Addons WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a Missing Authorization vulnerability in the Яндекс Доставка (Boxberry) WordPress plugin that allows attackers to exp...

The Post SMTP WordPress plugin has an authorization bypass vulnerability that allows authenticated attackers with subscriber-level access or higher to...

This vulnerability in the Blog2Social WordPress plugin allows authenticated users with Subscriber-level access or higher to trash arbitrary posts with...

This CVE describes a Missing Authorization vulnerability in the Better Chat Support for Messenger WordPress plugin that allows attackers to bypass acc...

This CVE describes a Missing Authorization vulnerability in the WP Google Review Slider WordPress plugin that allows attackers to exploit incorrectly ...

SOPlanning versions before 1.55 have a broken access control vulnerability in the /status endpoint that allows authenticated attackers to manipulate p...

This vulnerability allows unauthorized deletion of forum posts, careers, comments, gallery items, and events in SourceCodester Alumni Management Syste...

This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to delete arbitrary posts without proper authoriz...

This CVE describes a Missing Authorization vulnerability in the WP Content Pilot WordPress plugin that allows attackers to exploit incorrectly configu...

This vulnerability in Jenkins Publish to Bitbucket Plugin allows attackers with Overall/Read permission to connect to attacker-controlled URLs using s...

The Jenkins MCP Server Plugin vulnerability allows attackers to bypass permission checks and trigger unauthorized builds or access sensitive job/cloud...

This CVE describes a missing authorization vulnerability in the MasterStudy LMS Pro WordPress plugin that allows attackers to bypass access controls a...

This CVE describes a missing authorization vulnerability in the Masterstudy Elementor Widgets WordPress plugin that allows attackers to exploit incorr...

The Microsoft Azure Storage for WordPress plugin has a vulnerability that allows authenticated users with subscriber-level access or higher to delete ...

This CVE describes a Missing Authorization vulnerability in the StellarWP Event Tickets WordPress plugin that allows unauthorized users to perform act...

This CVE describes a missing authorization vulnerability in the SmartCrawl SEO WordPress plugin that allows authenticated users to perform actions the...

This CVE describes a missing authorization vulnerability in the accessiBe WordPress plugin that allows attackers to bypass access controls. It affects...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to export and import site options without proper autho...

This vulnerability allows attackers to create verified user accounts with arbitrary email domains during Slack imports in Mattermost. Attackers can by...

This CVE describes a missing authorization vulnerability in the Grand Conference Theme Custom Post Type WordPress plugin that allows attackers to bypa...