CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the Fantastic Content Protector Free WordPress plugin. It allows attackers to bypass acces...

CVE-2023-23893 is a missing authorization vulnerability in the Simple Giveaways WordPress plugin that allows attackers to bypass access controls and p...

This CVE describes a Missing Authorization vulnerability in the WPSight WPCasa WordPress plugin that allows attackers to access functionality not prop...

This CVE describes a broken access control vulnerability in the Church Admin WordPress plugin where missing authorization allows users to access funct...

The Ultimate Coming Soon & Maintenance WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to change the...

The Product Table for WooCommerce plugin for WordPress exposes sensitive information through the var_dump_table parameter, allowing unauthenticated at...

The Hash Elements WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to retrieve draft post titles. This...

The Kognetiks Chatbot for WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or h...

The Kognetiks Chatbot for WordPress plugin has a missing capability check in the delete_assistant() function, allowing authenticated users with subscr...

The Hide Links WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes through comment text. This affects all WordPress site...

This CVE describes a missing authorization vulnerability in the Popup Maker WordPress plugin that allows attackers to access functionality not properl...

CVE-2024-43919 is a broken access control vulnerability in the YARPP WordPress plugin that allows unauthorized users to perform actions they shouldn't...

This CVE describes a Missing Authorization vulnerability in the Atarim WordPress plugin that allows attackers to access functionality not properly con...

This CVE describes a Missing Authorization vulnerability in the UsersWP WordPress plugin that allows attackers to exploit incorrectly configured acces...

This CVE describes a Missing Authorization vulnerability in the Persian WooCommerce WordPress plugin that allows attackers to access functionality not...

CVE-2024-39625 is a missing authorization vulnerability in the Icegram Engage WordPress plugin that allows unauthenticated attackers to duplicate mess...

This CVE describes a Missing Authorization vulnerability in the ConveyThis Translate plugin for WordPress. It allows attackers to access functionality...

This CVE describes a broken access control vulnerability in TheInnovs EleForms WordPress plugin that allows unauthorized users to perform actions they...

This CVE describes a broken access control vulnerability in the Upqode Plum: Spin Wheel & Email Pop-up WordPress plugin. It allows unauthorized users ...

This CVE describes a missing authorization vulnerability in the Product Delivery Date for WooCommerce Lite plugin that allows attackers to access func...

This vulnerability allows unauthorized users to access functionality that should be restricted to authorized users only in the WP Accessibility Helper...

This CVE describes a Missing Authorization vulnerability in the iPanorama 360 WordPress plugin that allows attackers to access functionality not prope...

CVE-2024-37468 is a missing authorization vulnerability in the Newsmatic WordPress theme that allows attackers to bypass access controls and perform u...

This CVE describes a missing authorization vulnerability in the WPMU DEV Defender Security WordPress plugin that allows attackers to access functional...

This CVE describes a missing authorization vulnerability in the Noptin Newsletter WordPress plugin that allows attackers to access functionality not p...

CVE-2024-37427 is a missing authorization vulnerability in the Arraytics Timetics WordPress plugin that allows attackers to bypass access controls and...

This CVE describes a Missing Authorization vulnerability in the WordPress Featured Image from URL (FIFU) plugin that allows attackers to exploit incor...

This CVE describes a missing authorization vulnerability in the Wpmet Elements Kit Elementor addons plugin for WordPress. It allows unauthenticated at...

This CVE describes a Missing Authorization vulnerability in the Kanban for WordPress plugin that allows attackers to exploit incorrectly configured ac...

This vulnerability allows unauthenticated attackers to reset license settings in Uncanny Automator Pro WordPress plugin. It affects all WordPress site...

This CVE describes a missing authorization vulnerability in the Cloudways Breeze WordPress plugin that allows attackers to bypass access controls. It ...

This CVE describes a Missing Authorization vulnerability in the Schema & Structured Data for WP & AMP WordPress plugin. It allows attackers to access ...

This CVE describes a missing authorization vulnerability in the dFactory Responsive Lightbox WordPress plugin that allows attackers to access function...

This CVE describes an authentication bypass vulnerability in 3Scale where unauthorized users can access PDF invoices of Developer users by knowing or ...

This vulnerability allows unauthenticated attackers to modify VAT status for any WooCommerce order via the EU/UK VAT Manager plugin. All WordPress sit...

The Chatbot with ChatGPT WordPress plugin before version 2.4.6 has an authorization flaw in a REST endpoint that allows unauthenticated attackers to r...

This vulnerability allows an attacker with physical access to a locked iOS/iPadOS device to view recent photos without authentication through the Assi...

The EventPrime WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to view private or password-protected ...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the Funnelforms Free plugin. Any WordPress site...

This CVE describes a Missing Authorization vulnerability in the myCred WordPress plugin that allows unauthorized users to access sensitive data. It af...

This CVE describes a missing authorization vulnerability in WordPress Sensei LMS plugins that allows unauthorized users to access restricted functiona...

The LadiApp WordPress plugin versions up to 4.3 contain an authentication bypass vulnerability that allows unauthenticated attackers to modify plugin ...

The Radio Player WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify player instances. This aff...

The Getwid WordPress plugin has a missing capability check vulnerability that allows authenticated users with Contributor-level access or higher to mo...

The Payflex Payment Gateway WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to modify order status...

This CVE describes a Missing Authorization vulnerability in the Ninja Tables WordPress plugin by WPManageNinja LLC. It allows unauthorized users to pe...

This CVE describes a Missing Authorization vulnerability in the WP Dummy Content Generator WordPress plugin. It allows attackers to perform unauthoriz...

This vulnerability allows unauthorized users to access functionality intended only for administrators in the Vark Pricing Deals for WooCommerce WordPr...

CVE-2023-40603 is a missing authorization vulnerability in the Simple Org Chart WordPress plugin that allows unauthorized users to perform actions tha...

This CVE describes a missing authorization vulnerability in the Builder for WooCommerce reviews shortcodes – ReviewShort WordPress plugin. It allows...