CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in the Post SMTP WordPress plugin that allows attackers to exploit incorrectly configured acc...

This CVE describes a missing authorization vulnerability in the Ivory Search WordPress plugin that allows attackers to exploit incorrectly configured ...

This CVE describes a missing authorization vulnerability in the ListingPro WordPress theme that allows attackers to bypass access controls. Attackers ...

This CVE describes a missing authorization vulnerability in the WordPress ListingPro Lead Form plugin that allows attackers to access functionality no...

This CVE describes a missing authorization vulnerability in the Quiz And Survey Master WordPress plugin that allows attackers to bypass access control...

This CVE describes a missing authorization vulnerability in the Traveler WordPress theme that allows attackers to bypass access controls. Attackers co...

This CVE describes a Missing Authorization vulnerability in the Payment Gateway for PayPal on WooCommerce plugin that allows attackers to exploit inco...

This CVE describes a Missing Authorization vulnerability in weDevs WP ERP plugin for WordPress that allows attackers to exploit incorrectly configured...

This CVE describes a Missing Authorization vulnerability in the Eupago Gateway for WooCommerce WordPress plugin that allows attackers to bypass access...

This CVE describes a Missing Authorization vulnerability in the WordPress Post Cloner plugin that allows attackers to exploit incorrectly configured a...

This CVE describes a Missing Authorization vulnerability in the Formstack Online Forms WordPress plugin that allows attackers to bypass access control...

This vulnerability allows unauthorized users to access CRM data and functions due to broken access controls in the WP-CRM System WordPress plugin. Any...

This CVE describes a Missing Authorization vulnerability in the BERTHA AI WordPress plugin that allows attackers to bypass access controls. It affects...

This vulnerability allows attackers to bypass authorization controls in the ThemeRain Core WordPress plugin, potentially accessing restricted function...

This CVE describes a Missing Authorization vulnerability in the Hype Hype pico WordPress plugin that allows attackers to bypass access controls. It af...

This vulnerability allows unauthenticated attackers to clear or overwrite the social counter cache in the Wp Social Login and Register Social Counter ...

The Projectopia WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to delete arbitrary file attachments...

The Everest Backup WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to delete backup progress files. ...

This vulnerability in TCMAN GIM v11 allows unauthenticated attackers to determine whether specific user accounts exist on the system by exploiting a S...

The Hide Category by User Role for WooCommerce WordPress plugin has a missing authorization vulnerability that allows unauthenticated attackers to flu...

The atec Duplicate Page & Post WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level access or hi...

The Ace Post Type Builder WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or hig...

The Chamber Dashboard Business Directory WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to export al...

The Social Images Widget WordPress plugin has a missing capability check that allows unauthenticated attackers to delete plugin settings via CSRF. Thi...

The Autochat Automatic Conversation WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify client...

The Booking Calendar Contact Form WordPress plugin has a missing authorization vulnerability that allows unauthenticated attackers to confirm bookings...

This vulnerability allows unauthenticated attackers to arbitrarily confirm appointments in the Appointment Booking Calendar WordPress plugin without p...

This vulnerability allows unauthorized users to access WooCommerce product variation data due to missing authorization checks in the 'Show Variations ...

This CVE describes a Missing Authorization vulnerability in the Subscriptions & Memberships for PayPal WordPress plugin that allows attackers to bypas...

This CVE describes a missing authorization vulnerability in the Cart Weight for WooCommerce plugin that allows attackers to bypass access controls. It...

This CVE describes a Missing Authorization vulnerability in the bPlugins Tiktok Feed WordPress plugin (b-tiktok-feed) that allows attackers to exploit...

This CVE describes a missing authorization vulnerability in the ThemeAtelier Chat Help WordPress plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Cozy Vision SMS Alert Order Notifications WordPress plugin that allows attackers to by...

This CVE describes a missing authorization vulnerability in the PropertyHive WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a Missing Authorization vulnerability in the Custom Order Numbers for WooCommerce WordPress plugin that allows unauthorized users t...

This CVE describes a missing authorization vulnerability in the Gutenverse WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a missing authorization vulnerability in the Seriously Simple Podcasting WordPress plugin that allows attackers to bypass access co...

The ELEX WordPress HelpDesk plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to remove...

The Checkbox plugin for WordPress has an unauthenticated AJAX endpoint that allows attackers to clear log files without proper authorization. This aff...

This vulnerability allows unauthenticated attackers to extract partial metadata of all WordPress users, including first names, last names, and email a...

The Restrictions for BuddyPress WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify user track...

The Cryptocurrency Payment Gateway for WooCommerce WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to...

The Contest Gallery WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to inject arbitrary media attachm...

This CVE describes a Missing Authorization vulnerability in the QuantumCloud ChatBot WordPress plugin that allows attackers to bypass access controls....

This CVE describes a missing authorization vulnerability in the YOP Poll WordPress plugin that allows attackers to exploit incorrectly configured acce...

The Survey Maker WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to view all survey submissions. Thi...

The Survey Maker WordPress plugin allows unauthenticated attackers to modify the ays_survey_maker_upgrade_plugin option due to missing capability chec...

The Welcart e-Commerce plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive payme...

NVIDIA AIStore has an authentication vulnerability (CWE-862: Missing Authorization) that allows unauthenticated attackers to access sensitive informat...

The Find Unused Images WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to delete all image attachment...