CWE-862: Missing Authorization

The Quote Comments WordPress plugin has a missing authorization vulnerability that allows authenticated users with Subscriber-level access or higher t...

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to c...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to create arbitrary forms via the Fluent Forms AI build...

The Unify WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to delete specific plugin options. This aff...

The Moosend Landing Pages WordPress plugin up to version 1.1.6 has an authorization vulnerability that allows authenticated users with Subscriber-leve...

This vulnerability in the WP Front User Submit WordPress plugin allows unauthenticated attackers to delete arbitrary media attachments via a REST API ...

This CVE describes a missing authorization vulnerability in the Cloudways Breeze WordPress plugin that allows attackers to bypass access controls. It ...

This CVE describes a missing authorization vulnerability in the WPFunnels Creator LMS WordPress plugin that allows attackers to bypass access controls...

This vulnerability allows unauthenticated attackers to modify pop-up display settings in WordPress sites using the Depicter plugin. All WordPress inst...

This vulnerability in the WP User Frontend WordPress plugin allows unauthenticated attackers to delete attachments without proper authorization. It af...

This vulnerability allows unauthenticated attackers to bypass access controls in the GS Portfolio for Envato WordPress plugin. Attackers can access re...

This CVE describes a Missing Authorization vulnerability in the Aum Watcharapon Featured Image Generator WordPress plugin that allows attackers to byp...

A missing authorization vulnerability in the WordPress Trash Duplicate and 301 Redirect plugin allows attackers to bypass access controls and perform ...

This CVE describes a missing authorization vulnerability in the RestroPress WordPress plugin that allows attackers to bypass access controls. It affec...

CVE-2025-62092 is a missing authorization vulnerability in the Wiremo WordPress plugin that allows attackers to bypass access controls. This affects W...

A missing authorization vulnerability in Quadlayers AI Copilot WordPress plugin allows attackers to bypass access controls and potentially modify plug...

This CVE describes a missing authorization vulnerability in the Flowbox WordPress plugin that allows attackers to bypass access controls. It affects a...

This CVE describes a Missing Authorization vulnerability in the Damian WP Export Categories & Taxonomies WordPress plugin that allows attackers to exp...

This CVE describes a Missing Authorization vulnerability in the QuadLayers TikTok Feed WordPress plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Illia Simple Like Page WordPress plugin that allows attackers to exploit incorrectly c...

This CVE describes a missing authorization vulnerability in the WP Grids EasyTest WordPress plugin that allows attackers to bypass access controls. It...

CVE-2025-62141 is a missing authorization vulnerability in the 101gen Wawp WordPress plugin that allows attackers to bypass access controls and perfor...

A missing authorization vulnerability in the NewClarity DMCA Protection Badge WordPress plugin allows attackers to bypass access controls and perform ...

This CVE describes a Missing Authorization vulnerability in the Realbig WordPress plugin that allows attackers to bypass access controls. It affects a...

This CVE describes a Missing Authorization vulnerability in the nicdark Hotel Booking WordPress plugin that allows attackers to bypass access controls...

This CVE describes a Missing Authorization vulnerability in the Channelize.Io Live Shopping & Shoppable Videos For WooCommerce WordPress plugin. It al...

This CVE describes a missing authorization vulnerability in the Reuters Direct WordPress plugin that allows attackers to bypass access controls. It af...

This vulnerability allows attackers to bypass authorization checks in the WP Advanced PDF WordPress plugin, potentially accessing restricted functiona...

This vulnerability allows attackers to bypass authorization controls in the WP Cookie Notice plugin, potentially accessing administrative functions wi...

This CVE describes a missing authorization vulnerability in the ShopMagic for WooCommerce WordPress plugin that allows attackers to bypass intended ac...

This CVE describes a Missing Authorization vulnerability in BoldGrid weForms WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a Missing Authorization vulnerability in the Skywarrior Arcane WordPress theme that allows attackers to bypass access controls. It ...

This CVE describes a missing authorization vulnerability in the kamleshyadav Medicalequipment WordPress theme that allows attackers to bypass access c...

This CVE describes a Missing Authorization vulnerability in the Themebeez Toolkit WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a Missing Authorization vulnerability in the XforWooCommerce Share, Print and PDF Products for WooCommerce plugin that allows attac...

This CVE describes a Missing Authorization vulnerability in XforWooCommerce Product Loops for WooCommerce plugin that allows attackers to exploit inco...

This CVE describes a Missing Authorization vulnerability in the VillaTheme HAPPY WordPress plugin that allows attackers to bypass access controls. It ...

This vulnerability allows unauthenticated attackers to view private, draft, and pending Elementor templates in WordPress sites using the Premium Addon...

The Tainacan WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to create arbitrary metadata sections fo...

This vulnerability allows unauthenticated attackers to modify any WordPress post by exploiting missing authorization checks in the Frontend Post Submi...

The F70 Lead Document Download WordPress plugin allows unauthenticated attackers to download any file from the WordPress media library by guessing att...

The Pretty Google Calendar WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to retrieve the Google AP...

This vulnerability allows unauthenticated attackers to access sensitive configuration data from the Simply Schedule Appointments WordPress plugin. All...

A missing authorization vulnerability in wpforchurch Sermon Manager WordPress plugin allows attackers to bypass intended access controls. This affects...

This CVE describes a Missing Authorization vulnerability in the WordPress Download After Email plugin that allows unauthorized users to bypass access ...

This vulnerability in the WP Cookie Consent WordPress plugin allows unauthenticated attackers to permanently delete any posts, pages, attachments, or ...

This CVE describes a missing authorization vulnerability in the TI WooCommerce Wishlist WordPress plugin that allows attackers to exploit incorrectly ...

This CVE describes a missing authorization vulnerability in the favethemes Homey Core WordPress plugin that allows attackers to bypass access controls...

This CVE describes a Missing Authorization vulnerability in the Brevo Sendinblue for WooCommerce plugin that allows attackers to exploit incorrectly c...

This CVE describes a Missing Authorization vulnerability in the WordPress Pochipp plugin that allows attackers to exploit incorrectly configured acces...