CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (3,038)
This CVE describes a Missing Authorization vulnerability in the ARForms WordPress plugin that allows authenticated users with subscriber-level permiss... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the FloristPress WordPress plugin, allowing unauthorized users to perform actions intended... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in MultiVendorX's Product Catalog Enquiry for WooCommerce plugin. It allows attackers to expl... (Dec 9, 2024)
This CVE describes a missing authorization vulnerability in the Essential Blocks for Gutenberg WordPress plugin that allows users with lower privilege... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the Themewinter Eventin WordPress plugin that allows authenticated users to exploit incorr... (Dec 9, 2024)
This CVE describes a missing authorization vulnerability in the Awesome Support WordPress plugin that allows attackers to bypass access controls and p... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the IdeaPush WordPress plugin that allows attackers to exploit incorrectly configured acce... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the Sonaar Music MP3 Audio Player WordPress plugin that allows attackers to exploit incorr... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the WP Docs WordPress plugin that allows attackers to bypass access controls and access re... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the WP Quick Post Duplicator WordPress plugin that allows attackers to exploit incorrectly... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the Tencent Cloud COS WordPress plugin that allows attackers to exploit incorrectly config... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the LuckyWP Scripts Control WordPress plugin that allows attackers to exploit incorrectly ... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions WordPress plugin that allows attackers to byp... (Dec 9, 2024)
This vulnerability allows attackers to bypass authorization controls in the WP-RecentComments WordPress plugin, potentially accessing restricted funct... (Dec 9, 2024)
This CVE describes a Missing Authorization vulnerability in the WordPress Maspik plugin that allows attackers to change plugin settings via Cross-Site... (Dec 6, 2024)
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view and delete payment gateway logs without proper ... (Nov 20, 2024)
This CVE describes a Missing Authorization vulnerability in the WordPress Combo WP Rewrite Slugs plugin that allows attackers to change plugin setting... (Nov 19, 2024)
The WP Log Viewer WordPress plugin has missing capability checks on AJAX endpoints, allowing authenticated users with Subscriber-level access or highe... (Nov 16, 2024)
This CVE describes a Missing Authorization vulnerability in the LWS Affiliation WordPress plugin that allows attackers to bypass access controls. It a... (Nov 1, 2024)
This CVE describes a broken access control vulnerability in the WPBackItUp Backup and Restore WordPress plugin. It allows unauthorized users to perfor... (Nov 1, 2024)
This CVE describes a Missing Authorization vulnerability in the Icegram Collect WordPress plugin that allows attackers to exploit incorrectly configur... (Nov 1, 2024)
This CVE describes a Missing Authorization vulnerability in the ReDi Restaurant Reservation WordPress plugin that allows attackers to access functiona... (Nov 1, 2024)
This CVE describes a Missing Authorization vulnerability in the E2Pdf WordPress plugin that allows attackers to bypass access controls. It affects all... (Nov 1, 2024)
This vulnerability allows attackers with subscriber-level access to perform unauthorized actions in Advanced Custom Fields PRO for WordPress. It affec... (Nov 1, 2024)
This CVE describes a Missing Authorization vulnerability in the SEOPress WordPress plugin that allows attackers to exploit incorrectly configured acce... (Oct 29, 2024)
The WPS Telegram Chat WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to view messages sent through t... (Oct 25, 2024)
This vulnerability allows authenticated WordPress users with subscriber-level permissions to change the Paytium plugin's API keys without authorizatio... (Oct 16, 2024)
This vulnerability allows authenticated WordPress users with subscriber-level permissions to cancel subscriptions managed by the Paytium plugin. It af... (Oct 16, 2024)
This vulnerability allows authenticated low-privileged attackers to upload or delete files on Cisco NDFC devices via a specific REST API endpoint with... (Oct 2, 2024)
This CVE-2024-45285 vulnerability in SAP's RFC-enabled function module allows low-privileged authenticated users to perform denial-of-service attacks ... (Sep 10, 2024)
This CVE allows low-privileged users in SAP systems to modify other users' favorite node URLs and workbook IDs through an RFC-enabled function module.... (Sep 10, 2024)
This CVE allows low-privileged users to delete workplace favorites of any user in SAP systems, potentially exposing usernames and workplace/node infor... (Sep 10, 2024)
The WP Accessibility Helper WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher... (Aug 29, 2024)
The Sirv WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher to modif... (Jul 11, 2024)
This CVE describes a Missing Authorization vulnerability in the WpDevArt Responsive Image Gallery, Gallery Album WordPress plugin. It allows unauthori... (Jul 6, 2024)
This CVE allows low-privileged users without admin or power roles to create experimental items in Splunk Enterprise and Splunk Cloud Platform. This vi... (Jul 1, 2024)
This CVE describes a Missing Authorization vulnerability in the Spectra WordPress plugin (formerly Ultimate Addons for Gutenberg) that allows unauthor... (Jun 19, 2024)
This CVE describes a Missing Authorization vulnerability in the WordPress Pre-Publish Checklist plugin by Brainstorm Force. It allows unauthorized use... (Jun 19, 2024)
This CVE describes a Missing Authorization vulnerability in the WooCommerce Ship to Multiple Addresses plugin for WordPress. It allows unauthorized us... (Jun 14, 2024)
This CVE describes a Missing Authorization vulnerability in the Business Directory Plugin for WordPress. It allows unauthorized users to perform actio... (Jun 14, 2024)
CVE-2023-38395 is a missing authorization vulnerability in the WP Clone Menu WordPress plugin that allows unauthorized users to perform administrative... (Jun 12, 2024)
This vulnerability allows unauthorized users to access administrative functions in the BulkGate SMS Plugin for WooCommerce due to missing authorizatio... (Jun 12, 2024)
This CVE describes a Missing Authorization vulnerability in the WordPress 'Import and export users and customers' plugin. It allows unauthorized users... (Jun 11, 2024)
This CVE describes a Missing Authorization vulnerability in the Simple COD Fees for WooCommerce WordPress plugin. It allows unauthorized users to perf... (Jun 9, 2024)
This CVE describes a Missing Authorization vulnerability in the WordPress Evergreen Content Poster plugin that allows unauthorized users to perform ac... (Jun 9, 2024)
This CVE describes a Missing Authorization vulnerability in the WPZOOM Social Icons Widget & Block WordPress plugin. It allows attackers to perform un... (Jun 9, 2024)
This CVE describes a Missing Authorization vulnerability in OnTheGoSystems' WooCommerce Multilingual & Multicurrency WordPress plugin. It allows unaut... (Jun 9, 2024)
This CVE describes a Missing Authorization vulnerability in the Awesome Support WordPress plugin that allows unauthorized users to access restricted f... (Jun 9, 2024)
This CVE describes a Missing Authorization vulnerability in the MainWP UpdraftPlus Extension for WordPress. It allows users with Subscriber-level perm... (Jun 9, 2024)
This vulnerability in the Clever Fox WordPress plugin allows authenticated users with subscriber-level access or higher to change the active theme wit... (Jun 7, 2024)
About Missing Authorization (CWE-862)
Our database tracks 3,038 CVEs classified as CWE-862, with 226 rated critical and 846 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.
External reference: View CWE-862 on MITRE CWE →