CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the WordPress Custom Login URL plugin that allows attackers to bypass intended access cont...

This CVE describes a Missing Authorization vulnerability in the Cecabank WooCommerce Plugin for WordPress. It allows attackers to exploit incorrectly ...

This CVE describes a Missing Authorization vulnerability in the AppMySite WordPress plugin that allows attackers to bypass access controls. It affects...

This CVE describes a Missing Authorization vulnerability in the Easy Quotes WordPress plugin that allows attackers to bypass intended access controls....

This CVE describes a missing authorization vulnerability in the TI WooCommerce Wishlist WordPress plugin that allows attackers to bypass access contro...

This CVE describes a missing authorization vulnerability in the Maidul Team Manager WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a missing authorization vulnerability in the Classic Widgets with Block-based Widgets WordPress plugin that allows attackers to acc...

This CVE describes a missing authorization vulnerability in the Memberful WordPress plugin that allows attackers to access functionality not properly ...

This CVE describes a missing authorization vulnerability in the Javo Core WordPress plugin that allows attackers to bypass access controls and perform...

This CVE describes a missing authorization vulnerability in the DriCub WordPress theme that allows attackers to bypass access controls. It affects all...

This CVE describes a missing authorization vulnerability in the ThimPress WP Events Manager WordPress plugin that allows attackers to bypass intended ...

This CVE describes a missing authorization vulnerability in the CardCom Payment Gateway WordPress plugin that allows attackers to bypass access contro...

This CVE describes a Missing Authorization vulnerability in SALESmanago & Leadoo WordPress plugins that allows attackers to bypass access controls. It...

This CVE describes a missing authorization vulnerability in the wpcraft WooMS WordPress plugin that allows attackers to bypass intended access control...

This CVE describes a missing authorization vulnerability in the WPXPO WowAddons WordPress plugin that allows attackers to bypass intended access contr...

This CVE describes a missing authorization vulnerability in the Skimlinks Affiliate Marketing Tool WordPress plugin that allows attackers to access fu...

This CVE describes a missing authorization vulnerability in the Image Hover Effects - Elementor Addon WordPress plugin. Attackers can exploit incorrec...

This CVE describes a missing authorization vulnerability in the N-Media Frontend File Manager WordPress plugin that allows attackers to bypass access ...

This CVE describes a Missing Authorization vulnerability in the Heureka WordPress plugin that allows attackers to access functionality not properly re...

This CVE describes a missing authorization vulnerability in the WP Compress WordPress plugin that allows attackers to access functionality not properl...

The Secure Passkeys WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to view...

This vulnerability allows attackers without Overall/Read permission in Jenkins to list agent names through the sidepanel executors widget. It affects ...

The Sydney WordPress theme has a missing capability check in the 'activate_modules' function, allowing authenticated users with Subscriber-level acces...

This vulnerability allows remote attackers to view display page templates in Liferay Portal/DXP without proper authorization checks. Attackers can exp...

The Salon Booking System WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to execute AJAX actions, inc...

This CVE describes a missing authorization vulnerability in the Export WP Page to Static HTML/CSS WordPress plugin that allows attackers to access fun...

This vulnerability allows attackers to bypass authorization controls in the WP Swings PDF Generator for WordPress plugin, potentially accessing restri...

CVE-2025-58979 is a missing authorization vulnerability in the BerqWP WordPress plugin that allows attackers to bypass access controls and potentially...

This CVE describes a missing authorization vulnerability in the Kalium WordPress theme that allows unauthorized users to access functionality intended...

This CVE describes a Missing Authorization vulnerability in the Majestic Support WordPress plugin that allows unauthorized users to access functionali...

This CVE describes a missing authorization vulnerability in the PeachPay Payments WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a missing authorization vulnerability in the Support Genix WordPress plugin that allows attackers to bypass intended access control...

This CVE describes a missing authorization vulnerability in the Barn2 Plugins Posts Table with Search & Sort WordPress plugin. It allows attackers to ...

This CVE describes a missing authorization vulnerability in the Paid Member Subscriptions WordPress plugin that allows attackers to bypass access cont...

This CVE describes a missing authorization vulnerability in the Surfer SEO WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a Missing Authorization vulnerability in the AfterShip Tracking WordPress plugin that allows unauthorized users to access functiona...

The WC Plus WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify the site's favicon logo base. ...

This CVE describes a Missing Authorization vulnerability in the Church Admin WordPress plugin that allows attackers to bypass access controls and perf...

This CVE describes a missing authorization vulnerability in the Houzez WordPress theme that allows attackers to access functionality not properly cons...

This CVE describes a missing authorization vulnerability in POSIMYTH Nexter Blocks WordPress plugin that allows attackers to bypass intended access co...

This CVE describes a missing authorization vulnerability in the PARETO Digital Embedder for Google Reviews WordPress plugin. It allows attackers to ac...

In Gatling Enterprise versions below 1.25.0, low-privileged users without admin roles can access read-only REST API endpoints due to missing authoriza...

The Brizy Page Builder WordPress plugin has an unauthenticated file upload vulnerability that allows attackers to upload .TXT files to the server. Thi...

The Omnishop WordPress plugin has an unauthenticated registration bypass vulnerability that allows attackers to create arbitrary customer accounts eve...

The Vchasno Kasa WordPress plugin has an unauthenticated data deletion vulnerability that allows attackers to clear log files without authentication. ...

The Listly WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to delete arbitrary transient values stor...

This CVE describes a missing authorization vulnerability in the Hestia WordPress theme that allows attackers to access functionality not properly rest...

This CVE describes a Missing Authorization vulnerability in the amazewp fluXtore WordPress plugin that allows attackers to exploit incorrectly configu...

CVE-2025-53295 is a missing authorization vulnerability in the iCount Payment Gateway WordPress plugin that allows attackers to access functionality n...

The Amazon Products to WooCommerce WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to create new pro...