CWE-862: Missing Authorization

The Simple calendar for Elementor WordPress plugin has a missing authorization vulnerability that allows unauthenticated attackers to delete arbitrary...

The Easy Replace Image WordPress plugin has a missing authorization vulnerability that allows authenticated users with Contributor-level access or hig...

This vulnerability in the Link Invoice Payment for WooCommerce WordPress plugin allows unauthenticated attackers to create or cancel partial payments ...

The Wise Analytics WordPress plugin up to version 1.1.9 has a missing authorization vulnerability in its REST API endpoint. Unauthenticated attackers ...

The Alchemist Ajax Upload WordPress plugin allows unauthenticated attackers to delete arbitrary media attachments due to missing capability checks. Th...

This CVE describes a missing authorization vulnerability in the SumUp Payment Gateway for WooCommerce plugin that allows attackers to bypass access co...

This CVE describes a Missing Authorization vulnerability in the Pie Register WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in the WP Travel WordPress plugin that allows attackers to exploit incorrectly configured acc...

This CVE describes a Missing Authorization vulnerability in the Ryviu Product Reviews for WooCommerce WordPress plugin. It allows attackers to exploit...

This CVE describes a Missing Authorization vulnerability in the ElementCamp WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a missing authorization vulnerability in the ABCdatos Protección de datos - RGPD WordPress plugin that allows attackers to bypass ...

This CVE describes a missing authorization vulnerability in the WordPress Download After Email plugin that allows unauthorized users to bypass access ...

This vulnerability allows unauthorized users to exploit incorrectly configured access control in CloudPanel CLP Varnish Cache, potentially accessing r...

This CVE describes a Missing Authorization vulnerability in the Quick Restaurant Reservations WordPress plugin that allows attackers to bypass access ...

This CVE describes a Missing Authorization vulnerability in the sheepfish WebP Conversion WordPress plugin that allows attackers to bypass access cont...

The KiviCare WordPress plugin allows unauthenticated attackers to upload arbitrary text and PDF files due to missing authorization checks. This affect...

This CVE describes a Missing Authorization vulnerability in YITH WooCommerce Request A Quote plugin that allows attackers to bypass access controls. I...

This CVE describes a missing authorization vulnerability in the Apimo Connector WordPress plugin that allows attackers to bypass access controls. Atta...

This CVE describes a Missing Authorization vulnerability in the Prowess WordPress theme that allows attackers to bypass access controls. It affects al...

This CVE describes a Missing Authorization vulnerability in the Mikado-Themes Wanderland WordPress theme that allows attackers to bypass access contro...

This CVE describes a Missing Authorization vulnerability in the WebAppick CTX Feed plugin for WooCommerce, allowing unauthorized users to exploit inco...

This CVE describes a missing authorization vulnerability in the Civic Cookie Control WordPress plugin that allows attackers to bypass access controls....

This vulnerability in the Photo Gallery by 10WordPress plugin allows unauthenticated attackers to delete arbitrary image comments due to missing capab...

This vulnerability in the Custom Fonts WordPress plugin allows unauthenticated attackers to delete font directories and rewrite theme.json files due t...

The LearnPress WordPress plugin up to version 4.3.2.4 has an API endpoint that doesn't properly check user permissions, allowing unauthenticated attac...

The PeachPay WooCommerce plugin has a missing capability check on its ConvesioPay webhook endpoint, allowing unauthenticated attackers to modify WooCo...

The PAYGENT for WooCommerce WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to send forged payment no...

The Community Events WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to approve arbitrary events wit...

The User Registration Using Contact Form 7 WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to retriev...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload arbitrary signatures to any order in the Repa...

The Payment Button for PayPal WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to create fake orders ...

The Essential Addons for Elementor WordPress plugin exposes draft, pending, and private WooCommerce product information to unauthenticated attackers t...

This vulnerability allows unauthenticated attackers to mark any order's payment status as 'completed' without actual payment in WordPress sites using ...

This vulnerability allows unauthenticated attackers to use the Kalium WordPress theme as an open mail relay, sending emails from the server without au...

This vulnerability allows unauthenticated attackers to manipulate WooCommerce order statuses through the PayHere Payment Gateway plugin. Attackers can...

The Aplazo Payment Gateway WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to change WooCommerce orde...

The Perfit WooCommerce plugin for WordPress has a missing authorization vulnerability that allows unauthenticated attackers to delete arbitrary plugin...

The Netcash WooCommerce Payment Gateway plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to mark ...

The miniOrange OTP Verification and SMS Notification for WooCommerce WordPress plugin has an authorization bypass vulnerability that allows unauthenti...

A missing authorization vulnerability in MediaWiki's CampaignEvents extension allows authenticated users to perform privileged actions without proper ...

This vulnerability allows unauthenticated attackers to export sensitive Contact Form 7 submission data from WordPress sites using the Contact Form vCa...

The Booking Calendar WordPress plugin exposes sensitive booking data to unauthenticated attackers due to disabled nonce verification by default. When ...

This CVE describes a Missing Authorization vulnerability in the Dashboard Welcome for Beaver Builder WordPress plugin. It allows attackers to exploit ...

This CVE describes a Missing Authorization vulnerability in the Hakob Re Gallery & Responsive Photo Gallery WordPress plugin. It allows attackers to b...

This CVE describes a Missing Authorization vulnerability in the Zorka WordPress theme by G5Theme, allowing attackers to exploit incorrectly configured...

The Quote Comments WordPress plugin has a missing authorization vulnerability that allows authenticated users with Subscriber-level access or higher t...

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to c...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to create arbitrary forms via the Fluent Forms AI build...

The Unify WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to delete specific plugin options. This aff...

The Moosend Landing Pages WordPress plugin up to version 1.1.6 has an authorization vulnerability that allows authenticated users with Subscriber-leve...