CWE-862: Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Total CVEs: 3,042
Critical: 226
High: 850
Avg CVSS: 6.3
In CISA KEV: 2

Yearly Trend

2026: 437
2025: 1,552
2024: 754
2023: 138
2022: 51

Top Affected Vendors

1. Google: 118
2. SAP: 35
3. Apple: 27
4. Jenkins: 22
5. GitLab: 18
6. XWiki: 12
7. Themeum: 12
8. WPDeveloper: 11
9. Q Free: 11
10. Apache: 10

All Missing Authorization CVEs (3,042)

CVE-2024-30466
5.4

This CVE describes a Missing Authorization vulnerability in OnTheGoSystems' WooCommerce Multilingual & Multicurrency WordPress plugin. It allows unaut...

Jun 9, 2024
CVE-2024-24716
5.4

This CVE describes a Missing Authorization vulnerability in the Awesome Support WordPress plugin that allows unauthorized users to access restricted f...

Jun 9, 2024
CVE-2023-23640
5.4

This CVE describes a Missing Authorization vulnerability in the MainWP UpdraftPlus Extension for WordPress. It allows users with Subscriber-level perm...

Jun 9, 2024
CVE-2023-6876
5.4

This vulnerability in the Clever Fox WordPress plugin allows authenticated users with subscriber-level access or higher to change the active theme wit...

Jun 7, 2024
CVE-2024-2017
5.4

This vulnerability in the WordPress Countdown & Clock plugin allows authenticated attackers with subscriber-level access or higher to inject PHP objec...

Jun 6, 2024
CVE-2024-30528
5.4

This CVE describes a Missing Authorization vulnerability in the Spiffy Calendar WordPress plugin, allowing unauthorized users to perform actions inten...

Jun 4, 2024
CVE-2024-1809
5.4

The Analytify WordPress plugin has a vulnerability that allows authenticated attackers with subscriber-level access or higher to access sensitive plug...

May 2, 2024
CVE-2026-2371
5.3

This vulnerability allows unauthenticated attackers to retrieve the HTML content of private, draft, or password-protected reusable blocks in WordPress...

Mar 7, 2026
CVE-2026-1336
5.3

This vulnerability allows unauthenticated attackers to view, modify, or delete the ChatGPT API key stored by the WordPress plugin. It affects all Word...

Mar 3, 2026
CVE-2026-24004
5.3

This vulnerability in Fleet's Android MDM Pub/Sub handling allows unauthenticated attackers to trigger device unenrollment events, causing targeted An...

Feb 26, 2026
CVE-2024-34438
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress Shared Files plugin that allows unauthorized users to access files they shou...

Feb 20, 2026
CVE-2026-27368
5.3

This CVE describes a Missing Authorization vulnerability in SeedProd's WordPress plugin that allows attackers to bypass access controls. It affects al...

Feb 19, 2026
CVE-2025-15563
5.3

This vulnerability allows any unauthenticated user to reset the WorkTime on-prem database configuration by sending a specific HTTP request to the Work...

Feb 19, 2026
CVE-2026-25415
5.3

This CVE describes a Missing Authorization vulnerability in the WPBookit Pro WordPress plugin that allows attackers to bypass intended access controls...

Feb 19, 2026
CVE-2026-25384
5.3

This CVE describes a Missing Authorization vulnerability in WP-Lister Lite for eBay WordPress plugin that allows attackers to bypass access controls. ...

Feb 19, 2026
CVE-2026-25386
5.3

This CVE describes a Missing Authorization vulnerability in the Elementor Ally pojo-accessibility WordPress plugin that allows attackers to exploit in...

Feb 19, 2026
CVE-2026-25364
5.3

This CVE describes a Missing Authorization vulnerability in the BoldGrid Client Invoicing by Sprout Invoices WordPress plugin. It allows attackers to ...

Feb 19, 2026
CVE-2026-25332
5.3

This CVE describes a Missing Authorization vulnerability in the Endless Posts Navigation WordPress plugin that allows attackers to exploit incorrectly...

Feb 19, 2026
CVE-2026-25320
5.3

This vulnerability allows unauthorized users to access contact form submission data stored by the Elementor Contact Form DB WordPress plugin due to mi...

Feb 19, 2026
CVE-2026-25315
5.3

This CVE describes a Missing Authorization vulnerability in the hCaptcha for WP WordPress plugin that allows attackers to bypass access controls. It a...

Feb 19, 2026
CVE-2026-24375
5.3

This CVE describes a missing authorization vulnerability in the Ultimate Gift Cards for WooCommerce plugin that allows attackers to bypass access cont...

Feb 19, 2026
CVE-2026-24999
5.3

This CVE describes a missing authorization vulnerability in the Alma Gateway for WooCommerce WordPress plugin that allows attackers to bypass access c...

Feb 19, 2026
CVE-2025-14357
5.3

The Mega Store Woocommerce WordPress theme has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher t...

Feb 19, 2026
CVE-2025-13930
5.3

This vulnerability allows unauthenticated attackers to delete attachments associated with guest orders in WooCommerce Checkout Field Manager plugin. A...

Feb 19, 2026
CVE-2026-1657
5.3

The EventPrime WordPress plugin allows unauthenticated attackers to upload image files to the WordPress uploads directory and create Media Library att...

Feb 17, 2026
CVE-2026-1932
5.3

The Bookr WordPress plugin has an authentication bypass vulnerability in its REST API endpoint that allows unauthenticated attackers to modify appoint...

Feb 14, 2026
CVE-2025-14067
5.3

The Easy Form Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or highe...

Feb 14, 2026
CVE-2026-1537
5.3

This vulnerability in the LatePoint WordPress plugin allows unauthenticated attackers to access sensitive booking data without proper authorization. I...

Feb 12, 2026
CVE-2026-1722
5.3

This vulnerability allows unauthenticated attackers to create arbitrary refund requests for any order in WCFM Marketplace plugin for WordPress. Attack...

Feb 10, 2026
CVE-2025-10753
5.3

The OAuth Single Sign On plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to modify the global OA...

Feb 6, 2026
CVE-2025-14079
5.3

This vulnerability allows authenticated WordPress users with Subscriber-level permissions or higher to modify global WSDesk settings without proper au...

Feb 5, 2026
CVE-2026-0679
5.3

The Fortis for WooCommerce WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to change WooCommerce orde...

Feb 4, 2026
CVE-2025-15507
5.3

The Magic Import Document Extractor WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify the pl...

Feb 4, 2026
CVE-2025-14461
5.3

The Xendit Payment plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to mark WooCommerce orders as...

Feb 4, 2026
CVE-2026-25019
5.3

This CVE describes a Missing Authorization vulnerability in the Atarim Visual Collaboration WordPress plugin that allows attackers to bypass access co...

Feb 3, 2026
CVE-2026-25010
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress Share This Image plugin that allows attackers to bypass access controls. It ...

Feb 3, 2026
CVE-2026-25012
5.3

This CVE describes a Missing Authorization vulnerability in the WP Bannerize Pro WordPress plugin that allows attackers to exploit incorrectly configu...

Feb 3, 2026
CVE-2026-24994
5.3

This CVE describes a Missing Authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to exploit incorrectly conf...

Feb 3, 2026
CVE-2026-24997
5.3

This CVE describes a Missing Authorization vulnerability in the Wired Impact Volunteer Management WordPress plugin that allows attackers to exploit in...

Feb 3, 2026
CVE-2026-24967
5.3

This CVE describes a Missing Authorization vulnerability in the Amelia WordPress booking plugin that allows attackers to bypass access controls. It af...

Feb 3, 2026
CVE-2026-24982
5.3

This CVE describes a missing authorization vulnerability in the Spectra plugin for WordPress, allowing attackers to exploit incorrectly configured acc...

Feb 3, 2026
CVE-2026-24945
5.3

This CVE describes a Missing Authorization vulnerability in the Ultimate Addons for Contact Form 7 WordPress plugin that allows attackers to exploit i...

Feb 3, 2026
CVE-2026-1734
5.3

This vulnerability allows unauthorized remote access to the crontab endpoint in Zhong Bang CRMEB versions up to 5.6.3. Attackers can exploit this miss...

Feb 2, 2026
CVE-2026-1431
5.3

The Booking Calendar plugin for WordPress has an authorization vulnerability that allows unauthenticated attackers to access booking data. This affect...

Jan 31, 2026
CVE-2025-15510
5.3

The NEX-Forms WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to export form configurations containi...

Jan 31, 2026
CVE-2025-15511
5.3

The Rupantorpay WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify WooCommerce order statuses...

Jan 28, 2026
CVE-2026-1054
5.3

The RegistrationMagic WordPress plugin up to version 6.0.7.4 has a missing authorization vulnerability that allows unauthenticated attackers to modify...

Jan 28, 2026
CVE-2026-0825
5.3

This vulnerability allows unauthenticated attackers to download all form submission data containing personally identifiable information (PII) from Wor...

Jan 28, 2026
CVE-2026-1310
5.3

The Simple calendar for Elementor WordPress plugin has a missing authorization vulnerability that allows unauthenticated attackers to delete arbitrary...

Jan 28, 2026
CVE-2026-1298
5.3

The Easy Replace Image WordPress plugin has a missing authorization vulnerability that allows authenticated users with Contributor-level access or hig...

Jan 28, 2026

About Missing Authorization (CWE-862)

Our database tracks 3,042 CVEs classified as CWE-862, with 226 rated critical and 850 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.

External reference: CWE-862 on MITRE CWE
