CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in the Brevo Sendinblue for WooCommerce plugin that allows attackers to exploit incorrectly c...

This CVE describes a Missing Authorization vulnerability in the WordPress Pochipp plugin that allows attackers to exploit incorrectly configured acces...

This CVE describes a Missing Authorization vulnerability in the WP Views Counter WordPress plugin that allows attackers to exploit incorrectly configu...

This CVE describes a missing authorization vulnerability in the WP Cookie Notice for GDPR, CCPA & ePrivacy Consent WordPress plugin. It allows attacke...

This CVE describes a missing authorization vulnerability in the WP Compress for MainWP WordPress plugin that allows attackers to bypass access control...

This CVE describes a missing authorization vulnerability in the CatFolders WordPress plugin that allows attackers to exploit incorrectly configured ac...

This CVE describes a Missing Authorization vulnerability in SiteGround Security plugin for WordPress that allows attackers to exploit incorrectly conf...

This CVE describes a Missing Authorization vulnerability in the ZEEN101 Leaky Paywall WordPress plugin that allows attackers to bypass access controls...

This CVE describes a Missing Authorization vulnerability in the Auctollo Google XML Sitemaps WordPress plugin (google-sitemap-generator). It allows at...

This CVE describes a Missing Authorization vulnerability in the OnPay.io for WooCommerce plugin that allows attackers to exploit incorrectly configure...

This vulnerability allows unauthenticated attackers to abuse the JetFormBuilder WordPress plugin's AI form generation feature, consuming the site's AI...

The Dokan Pro WordPress plugin has a missing capability check on its wholesale registration REST API endpoint, allowing unauthenticated attackers to e...

This vulnerability allows unauthenticated attackers to access sensitive order statistics in the LearnPress WordPress plugin, including revenue summari...

This vulnerability allows unauthenticated attackers to modify OneSignal plugin settings in WordPress, including the App ID and API keys. Attackers can...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to submit replies to any support ticket in the HAPPY He...

The AnnunciFunebri Impresa WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher ...

This vulnerability in the Eyewear prescription form WordPress plugin allows unauthenticated attackers to delete arbitrary WooCommerce product categori...

This vulnerability allows unauthenticated attackers to create arbitrary WooCommerce products with custom names, prices, and categories on WordPress si...

The Easy Theme Options WordPress plugin has a missing authorization vulnerability that allows authenticated attackers with Subscriber-level access or ...

The Devs CRM WordPress plugin has a missing capability check on its bulk-update REST API endpoint, allowing unauthenticated attackers to modify lead t...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify tracking settings in the Employee Spotlight p...

This vulnerability allows unauthenticated attackers to manipulate the myCred WordPress plugin's financial systems. Attackers can approve withdrawal re...

The Devs CRM WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to access private user data through a R...

The Simple Bike Rental WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to r...

The PDF for Contact Form 7 + Drag and Drop Template Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users...

This vulnerability allows unauthenticated attackers to write arbitrary JSON files to the server's publicly accessible upload directory via a misconfig...

The Vimeo SimpleGallery WordPress plugin has a missing authorization vulnerability that allows authenticated users with Subscriber-level access or hig...

This vulnerability in the Premmerce Wishlist for WooCommerce WordPress plugin allows authenticated users with Subscriber-level access or higher to del...

This vulnerability in the Filter Plus WooCommerce plugin allows unauthenticated attackers to modify plugin settings and create arbitrary filter option...

This vulnerability allows attackers to bypass authorization controls in the Slider a SlidersPack WordPress plugin, potentially accessing restricted fu...

This CVE describes a Missing Authorization vulnerability in the ThemeAtelier IDonate WordPress plugin that allows attackers to bypass access controls....

This CVE describes a missing authorization vulnerability in the rtCamp GoDAM WordPress plugin that allows attackers to bypass access controls. Attacke...

This CVE describes a missing authorization vulnerability in the WordPress Highlight and Share plugin that allows attackers to exploit incorrectly conf...

This CVE describes a missing authorization vulnerability in the Easy Form Builder WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a missing authorization vulnerability in the WP Email Capture WordPress plugin that allows attackers to bypass access controls. It ...

This CVE describes a missing authorization vulnerability in the WordPress User Extra Fields plugin (wp-user-extra-fields) that allows attackers to exp...

This CVE describes a missing authorization vulnerability in the Constant Contact + WooCommerce WordPress plugin that allows attackers to exploit incor...

This CVE describes a Missing Authorization vulnerability in the TrueBooker WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a missing authorization vulnerability in the Wbcom Designs lock-my-bp WordPress plugin that allows attackers to bypass intended acc...

This CVE describes a missing authorization vulnerability in the WPFunnels WordPress plugin that allows attackers to bypass access controls. It affects...

This CVE describes a missing authorization vulnerability in the PenciDesign PenNews WordPress theme that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the ThimPress Sailing WordPress theme that allows attackers to bypass access controls. It ...

This CVE describes a missing authorization vulnerability in the wpdevart Booking Calendar plugin for WordPress. It allows attackers to bypass access c...

This CVE describes a Missing Authorization vulnerability in the Sitewide Notice WP WordPress plugin that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the QuantumCloud Simple Link Directory WordPress plugin that allows attackers to exploit i...

This CVE describes a missing authorization vulnerability in the Woffice Core WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in the xtemos Basel WordPress theme that allows attackers to bypass access controls. It affec...

This CVE describes a Missing Authorization vulnerability in the AdForest WordPress theme that allows attackers to bypass access controls. It affects a...

This CVE describes a missing authorization vulnerability in the WPForms Google Sheet Connector WordPress plugin that allows attackers to bypass access...

This CVE describes a missing authorization vulnerability in the Image Caption Hover Pro WordPress plugin that allows attackers to bypass access contro...