CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the mb.YTPlayer WordPress plugin that allows attackers to bypass access controls. Attacker...

This CVE describes a Missing Authorization vulnerability in the Elfsight Testimonials Slider WordPress plugin that allows attackers to bypass access c...

This CVE describes a Missing Authorization vulnerability in the WP Messiah Safe Ai Malware Protection for WordPress plugin. It allows attackers to exp...

This CVE describes a missing authorization vulnerability in the Envo Multipurpose WordPress theme that allows attackers to bypass access controls. It ...

This CVE describes a Missing Authorization vulnerability in weDevs WP ERP WordPress plugin that allows attackers to bypass access controls. It affects...

This CVE describes a missing authorization vulnerability in the wpzita Z Companion WordPress plugin that allows attackers to bypass access controls. I...

A missing authorization vulnerability in the Shahjada Live Forms WordPress plugin allows attackers to change plugin settings without proper authentica...

The Cardealer WordPress theme has a vulnerability that allows authenticated users with subscriber-level access or higher to modify or delete arbitrary...

CVE-2025-26995 is a missing authorization vulnerability in the Market Exporter WordPress plugin that allows attackers to bypass access controls and po...

This CVE describes a missing authorization vulnerability in the WordPress Sticky Header On Scroll plugin that allows attackers to bypass access contro...

CVE-2025-25241 is a missing authorization vulnerability in SAP applications that allows authenticated attackers to view and delete other users' overti...

This CVE describes a missing authorization vulnerability in the Metagauss Event Kikfyre WordPress plugin that allows attackers to bypass access contro...

This CVE describes a missing authorization vulnerability in the WordPress EmbedPress Document Block plugin that allows unauthorized users to perform a...

The WooCommerce Support Ticket System plugin for WordPress has missing capability checks on three AJAX functions, allowing authenticated attackers wit...

The Custom Related Posts WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or...

CVE-2025-23849 is a missing authorization vulnerability in the PAPERCITE WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a missing authorization vulnerability in the VForm WordPress plugin that allows attackers to bypass access controls. It affects all...

This CVE describes a missing authorization vulnerability in the WP Fast Total Search WordPress plugin that allows attackers to bypass access controls....

This CVE describes a Missing Authorization vulnerability in the WP Meetup WordPress plugin that allows attackers to change plugin settings without pro...

This CVE describes a missing authorization vulnerability in the Woo Tuner WordPress plugin that allows attackers to exploit incorrectly configured acc...

This CVE describes a missing authorization vulnerability in the Ella van Durpe Slides & Presentations WordPress plugin that allows attackers to bypass...

This CVE describes a Missing Authorization vulnerability in the WP Delete Post Copies WordPress plugin that allows attackers to exploit incorrectly co...

CVE-2023-23672 is a missing authorization vulnerability in the GiveWP WordPress plugin that allows authenticated users to delete arbitrary content wit...

CVE-2022-45811 is a missing authorization vulnerability in the WordPress Post Teaser plugin that allows attackers to perform unauthorized actions. Thi...

This CVE describes a missing authorization vulnerability in the Xtemos WoodMart WordPress theme that allows attackers to bypass access controls. Attac...

This CVE describes a Missing Authorization vulnerability in the Data Tables Generator by Supsystic WordPress plugin. It allows attackers to exploit in...

This CVE describes a Missing Authorization vulnerability in the WP Royal Ashe Extra WordPress plugin that allows attackers to exploit incorrectly conf...

This CVE describes a Missing Authorization vulnerability in Dragfy Addons for Elementor WordPress plugin that allows attackers to exploit incorrectly ...

This CVE describes a Missing Authorization vulnerability in the WordPress Animated Rotating Words plugin that allows attackers to exploit incorrectly ...

This CVE describes a Missing Authorization vulnerability in the KaizenCoders Short URL WordPress plugin that allows attackers to exploit incorrectly c...

This CVE describes a missing authorization vulnerability in the TCBarrett Glossary WordPress plugin that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the WebToffee WordPress Backup & Migration plugin that allows attackers to bypass access c...

CVE-2024-49686 is a missing authorization vulnerability in the Landing Page Cat WordPress plugin that allows attackers to perform unauthorized actions...

This CVE describes a Missing Authorization vulnerability in the Premium Addons for Elementor WordPress plugin. It allows attackers to access functiona...

The WC Price History for Omnibus WordPress plugin has missing capability checks on AJAX actions, allowing authenticated users with Subscriber-level ac...

This CVE describes a Missing Authorization vulnerability in the WordPress Mark New Posts plugin that allows attackers to bypass access controls. It af...

This CVE describes a missing authorization vulnerability in the Inactive Logout WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a Missing Authorization vulnerability in the Click To Tweet WordPress plugin that allows attackers to exploit incorrectly configure...

This CVE describes a missing authorization vulnerability in the Pechenki TelSender WordPress plugin that allows attackers to bypass access controls. A...

This CVE describes a Missing Authorization vulnerability in the Bulk NoIndex & NoFollow Toolkit WordPress plugin. It allows attackers to exploit incor...

This CVE describes a missing authorization vulnerability in the Easyship WooCommerce Shipping Rates plugin that allows attackers to exploit incorrectl...

CVE-2023-36519 is a missing authorization vulnerability in the SW Product Bundles WordPress plugin that allows attackers to bypass access controls and...

This CVE describes a missing authorization vulnerability in the WordPress Image Regenerate & Select Crop plugin that allows attackers to exploit incor...

This CVE describes a missing authorization vulnerability in the Contact Forms by Cimatti WordPress plugin that allows attackers to bypass access contr...

This CVE describes a Missing Authorization vulnerability in the Booking Ultra Pro WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a Missing Authorization vulnerability in the MobileMonkey WP-Chatbot for Messenger WordPress plugin. It allows attackers to bypass ...

This CVE describes a Missing Authorization vulnerability in the GS Pins for Pinterest WordPress plugin that allows attackers to bypass access controls...

This CVE describes a missing authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to exploit incorrectly conf...

This CVE describes a missing authorization vulnerability in the Robo Gallery WordPress plugin that allows attackers to exploit incorrectly configured ...

This vulnerability allows any authenticated user on the main XWiki wiki to execute scheduling operations on subwikis without proper authorization. It ...