CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the ListingPro WordPress plugin that allows attackers to bypass intended access controls. ...

This vulnerability allows attackers to bypass authorization controls in TheGem (Elementor) WordPress theme, potentially accessing restricted functiona...

This CVE describes a missing authorization vulnerability in the TheGem WordPress theme that allows attackers to bypass access controls. Attackers coul...

This vulnerability allows attackers to bypass authorization controls in WP User Frontend, potentially accessing or modifying content they shouldn't ha...

This CVE describes a missing authorization vulnerability in the WordPress ListingPro Reviews plugin that allows attackers to bypass access controls. I...

This CVE describes a Missing Authorization vulnerability in the Oshine Core WordPress plugin that allows attackers to bypass access controls. Attacker...

This CVE describes a missing authorization vulnerability in the All In One SEO Pack WordPress plugin that allows attackers to exploit incorrectly conf...

This CVE describes a Missing Authorization vulnerability in the Blog Designer WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a missing authorization vulnerability in the Clariti WordPress plugin that allows attackers to bypass access controls. It affects a...

This CVE describes a missing authorization vulnerability in the Ongkoskirim.id WordPress plugin that allows attackers to bypass access controls. It af...

The Kubio AI Page Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or h...

The My WP Translate WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or high...

This CVE describes a Missing Authorization vulnerability in Equalize Digital Accessibility Checker WordPress plugin that allows attackers to bypass ac...

This CVE describes a missing authorization vulnerability in the Spreadconnect WordPress plugin that allows unauthorized users to access functionality ...

This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privile...

This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privile...

CVE-2025-42915 is an authorization bypass vulnerability in SAP Fiori's Manage Payment Blocks app where insufficient privilege checks allow basic users...

This CVE describes a Missing Authorization vulnerability in the LifePress WordPress plugin that allows attackers to bypass access controls. It affects...

This CVE describes a Missing Authorization vulnerability in the WP Membership WordPress plugin that allows attackers to change plugin settings without...

This CVE describes a Missing Authorization vulnerability in the HasTech HT Mega WordPress plugin that allows attackers to bypass access controls. Atta...

This vulnerability in LitmusChaos Litmus allows unauthorized deletion of projects due to missing authorization checks in the delete project endpoint. ...

This CVE describes a missing authorization vulnerability in the Chatbox Manager WordPress plugin that allows attackers to bypass access controls. Atta...

This CVE describes a missing authorization vulnerability in The Plus Addons for Elementor Pro WordPress plugin. It allows attackers to bypass access c...

This CVE describes a missing authorization vulnerability in the WooCommerce Fortnox Integration plugin for WordPress. Attackers can exploit incorrectl...

This CVE describes a Missing Authorization vulnerability in the Kata Plus WordPress plugin by Climax Themes. It allows attackers to bypass access cont...

The GiveWP WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level permissions or higher to ...

This CVE describes a missing authorization vulnerability in the onOffice for WP-Websites WordPress plugin that allows attackers to bypass intended acc...

This CVE describes a missing authorization vulnerability in Ability, Inc's Accessibility Suite WordPress plugin that allows attackers to bypass intend...

This CVE describes a Missing Authorization vulnerability in the Custom Category/Post Type Post order WordPress plugin that allows attackers to exploit...

This CVE describes a Missing Authorization vulnerability in the Responsive Flipbooks WordPress plugin that allows attackers to bypass access controls....

This CVE describes a Missing Authorization vulnerability in the Eniture Technology LTL Freight Quotes WordPress plugin that allows attackers to exploi...

This CVE describes a missing authorization vulnerability in the Customify WordPress theme that allows attackers to bypass access controls. It affects ...

This CVE describes a Missing Authorization vulnerability in The Events Calendar WordPress plugin that allows attackers to exploit incorrectly configur...

This CVE describes a Missing Authorization vulnerability in the ClickWhale WordPress plugin that allows attackers to exploit incorrectly configured ac...

This CVE describes a Missing Authorization vulnerability in the Calculate Prices based on Distance For WooCommerce WordPress plugin. It allows attacke...

This CVE describes a Missing Authorization vulnerability in the Graphina WordPress plugin that allows attackers to bypass access controls. It affects ...

This CVE describes a Missing Authorization vulnerability in the Music Player for WooCommerce WordPress plugin. It allows attackers to bypass intended ...

This CVE describes a missing authorization vulnerability in WP Shuffle WP Subscription Forms WordPress plugin that allows attackers to bypass access c...

This CVE describes a Missing Authorization vulnerability in the WordPress Dynamic Post plugin that allows unauthorized users to change plugin settings...

This CVE describes a missing authorization vulnerability in the Tim Nguyen 1-Click Backup & Restore Database WordPress plugin. It allows attackers to ...

This CVE describes a missing authorization vulnerability in the TableOn WordPress plugin that allows attackers to bypass intended access controls. Wor...

A missing authorization vulnerability in the Dimitri Grassi Salon booking system WordPress plugin allows attackers to bypass access controls and perfo...

This CVE describes a Missing Authorization vulnerability in the WR Price List Manager For Woocommerce WordPress plugin that allows attackers to delete...

This CVE describes a Missing Authorization vulnerability in the UPC/EAN/GTIN Code Generator WordPress plugin that allows unauthorized users to change ...

This CVE describes a Missing Authorization vulnerability in the Ni WooCommerce Cost Of Goods plugin for WordPress. It allows attackers to exploit inco...

This CVE describes a missing authorization vulnerability in the Mobile App Canvas WordPress plugin that allows attackers to bypass access controls. It...

A missing authorization vulnerability in Shiptimize for WooCommerce allows attackers to change plugin settings without proper authentication. This aff...

This CVE describes a missing authorization vulnerability in the Pin Generator WordPress plugin that allows attackers to bypass access controls. Attack...

This CVE describes a missing authorization vulnerability in the mb.YTPlayer WordPress plugin that allows attackers to bypass access controls. Attacker...

This CVE describes a Missing Authorization vulnerability in the Elfsight Testimonials Slider WordPress plugin that allows attackers to bypass access c...