CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the Agency Toolkit WordPress plugin that allows attackers to bypass intended access contro...

This CVE describes a missing authorization vulnerability in the WordPress Adverts Plugin that allows attackers to bypass access controls and perform u...

This CVE describes a missing authorization vulnerability in the WordPress Question Answer plugin that allows attackers to access functionality not pro...

This CVE describes a Missing Authorization vulnerability in the WordPress Simple Icons plugin that allows attackers to bypass access controls. It affe...

This CVE describes a Missing Authorization vulnerability in WebProtect.ai Astra Security Suite WordPress plugin that allows attackers to bypass access...

This CVE describes a Missing Authorization vulnerability in the GDPR Cookie Notice WordPress plugin that allows attackers to exploit incorrectly confi...

This vulnerability allows attackers to bypass authorization controls in the Jaap Jansma Connector to CiviCRM with CiviMcRestFace WordPress plugin. Att...

This CVE describes a Missing Authorization vulnerability in Simple:Press WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a missing authorization vulnerability in the LearnPress WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a missing authorization vulnerability in the iNET Webkit WordPress plugin that allows attackers to access functionality not properl...

This CVE describes a Missing Authorization vulnerability in the WpEvently WordPress plugin that allows attackers to bypass access controls. Attackers ...

This CVE describes a missing authorization vulnerability in the Taxi Booking Manager for WooCommerce WordPress plugin. Attackers can exploit incorrect...

This CVE describes a Missing Authorization vulnerability in the Hossni Mubarak Cool Author Box WordPress plugin that allows attackers to exploit incor...

This CVE describes a missing authorization vulnerability in the SNORDIAN's H5PxAPIkatchu WordPress plugin that allows attackers to access functionalit...

This CVE describes a Missing Authorization vulnerability in the Music Press Pro WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a missing authorization vulnerability in the PluginOps Top Bar WordPress plugin that allows attackers to bypass access controls. It...

The LifterLMS WordPress plugin has an unauthenticated post trashing vulnerability that allows attackers without credentials to move all published post...

This vulnerability in the ShareThis Dashboard for Google Analytics WordPress plugin allows unauthenticated attackers to disable all plugin features by...

This vulnerability in the Resido WordPress theme allows unauthenticated attackers to delete or save API keys without proper authorization checks. Any ...

The WP Crowdfunding WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to down...

This CVE describes a missing authorization vulnerability in the WordPress plugin Block Spam By Math Reloaded that allows attackers to access functiona...

This vulnerability in the School Management System for WordPress plugin allows unauthenticated attackers to delete arbitrary posts due to missing capa...

This vulnerability allows unauthenticated attackers to register user accounts on WordPress sites using the JNews theme, even when user registration is...

The IP2Location Redirection plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to download the plug...

This CVE describes a missing authorization vulnerability in the Pixelite Events Manager WordPress plugin that allows attackers to exploit incorrectly ...

This vulnerability in the Event Tickets and Registration WordPress plugin allows authenticated attackers with Contributor-level access or higher to de...

The LTL Freight Quotes – GlobalTranz Edition WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to mo...

This vulnerability allows unauthenticated attackers to modify gift voucher values, expiration dates, and user notes in WordPress sites using the Gift ...

The Raptive Ads WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to reset ad and cls files. This affec...

The WordPress Portfolio Builder plugin has an authorization bypass vulnerability that allows unauthenticated attackers to add arbitrary videos to any ...

The PeproDev Ultimate Invoice WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to view inv...

The WP Extended WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to reorder posts. This affects all Wo...

This vulnerability allows unauthenticated attackers to generate technical metadata in SAP systems via an RFC-enabled function module in transaction SD...

This vulnerability in the WordPress Contact Forms by Cimatti plugin allows unauthenticated attackers to download form submissions containing potential...

This CVE describes a missing authorization vulnerability in LearnDash LMS WordPress plugin that allows attackers to bypass access controls and access ...

CVE-2025-24600 is a missing authorization vulnerability in the RSVPMaker WordPress plugin that allows unauthorized users to access restricted function...

This vulnerability allows unauthorized users to access sensitive data in WooCommerce Quick View plugin due to missing authorization checks. It affects...

This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attackers with network access via HTTP to read sensitive data. It a...

The Atarim WordPress plugin has a vulnerability that allows unauthenticated attackers to delete project pages and files without proper authorization. ...

This vulnerability in the Evergreen Content Poster WordPress plugin allows unauthenticated attackers to delete arbitrary posts and pages due to missin...

This vulnerability allows attackers to bypass authorization controls in the Contact Form 7 Anti Spambot WordPress plugin, potentially accessing admini...

This CVE describes a Missing Authorization vulnerability in the Sanjaysolutions Loginplus WordPress plugin that allows attackers to access functionali...

This CVE describes a Missing Authorization vulnerability in Drupal Open Social that allows forceful browsing (accessing restricted pages without prope...

This vulnerability allows unauthenticated attackers to modify order statuses in WordPress sites using the Shopping Cart & eCommerce Store plugin. Atta...

The SureForms WordPress plugin has an information exposure vulnerability that allows unauthenticated attackers to export data from password-protected,...

This CVE describes a Missing Authorization vulnerability in the WP SecureSubmit WordPress plugin that allows unauthorized access to sensitive data. At...

This CVE describes a Missing Authorization vulnerability in the Saoshyant Page Builder WordPress plugin that allows attackers to exploit incorrectly c...

The Jupiter X Core WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to export popup templates. This af...

The Export Import Menus WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to export WordPress menu data...

This vulnerability allows unauthenticated attackers to delete database data in the Ultimate Popup Creator WordPress plugin. Any WordPress site using v...