CWE-862: Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Total CVEs: 3,061
Critical: 228
High: 867
Avg CVSS: 6.3
In CISA KEV: 2

Yearly Trend

2026: 437
2025: 1,552
2024: 754
2023: 138
2022: 51

Top Affected Vendors

1. Google: 125
2. SAP: 36
3. Apple: 27
4. Jenkins: 22
5. GitLab: 19
6. XWiki: 12
7. Themeum: 12
8. Metagauss: 11
9. WPDeveloper: 11
10. Q Free: 11

All Missing Authorization CVEs (3,061)

CVE-2024-34821
5.3

This CVE describes a Missing Authorization vulnerability in the Contact List PRO WordPress plugin that allows unauthorized users to perform actions in...

Jun 11, 2024
CVE-2024-34753
5.3

This CVE describes a Missing Authorization vulnerability in the SoftLab Radio Player WordPress plugin, allowing unauthorized users to perform actions ...

Jun 11, 2024
CVE-2024-23521
5.3

This CVE describes a Missing Authorization vulnerability in the Happyforms WordPress plugin that allows unauthorized users to perform actions that sho...

Jun 11, 2024
CVE-2024-35665
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress Insert Post Ads plugin. It allows attackers to perform unauthorized actions ...

Jun 11, 2024
CVE-2023-51498
5.3

This CVE describes a Missing Authorization vulnerability in the WooCommerce Canada Post Shipping plugin for WordPress. It allows unauthorized users to...

Jun 11, 2024
CVE-2024-35683
5.3

This CVE describes a Missing Authorization vulnerability in the Leyka WordPress plugin that allows unauthorized users to perform actions requiring aut...

Jun 11, 2024
CVE-2024-34442
5.3

CVE-2024-34442 is a missing authorization vulnerability in the weDocs WordPress plugin that allows unauthorized users to access or modify documentatio...

Jun 11, 2024
CVE-2024-35729
5.3

This CVE describes a Missing Authorization vulnerability in the Tickera WordPress plugin that allows unauthorized users to perform actions they should...

Jun 10, 2024
CVE-2024-23524
5.3

This CVE describes a Missing Authorization vulnerability in the PilotPress WordPress plugin by ONTRAPORT Inc. It allows unauthorized users to access f...

Jun 10, 2024
CVE-2024-34802
5.3

This CVE describes a Missing Authorization vulnerability in the AdFoxly WordPress plugin that allows unauthorized users to perform privileged actions....

Jun 9, 2024
CVE-2024-32715
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress Olive One Click Demo Import plugin that allows arbitrary file download. Atta...

Jun 9, 2024
CVE-2024-32820
5.3

This CVE describes a Missing Authorization vulnerability in the Social Share Pro WordPress plugin (also known as Social Share Icons & Social Share But...

Jun 9, 2024
CVE-2024-32814
5.3

This vulnerability allows attackers to bypass authorization checks in the Advanced Local Pickup for WooCommerce WordPress plugin. Unauthorized users c...

Jun 9, 2024
CVE-2024-32779
5.3

This CVE describes a Missing Authorization vulnerability in the Avirtum Vision Interactive WordPress plugin (Vision Image Map Builder). It allows unau...

Jun 9, 2024
CVE-2024-31274
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress EmbedPress plugin that allows unauthorized users to perform actions intended...

Jun 9, 2024
CVE-2024-30529
5.3

This CVE describes a missing authorization vulnerability in the Tainacan WordPress plugin that allows unauthorized users to perform actions they shoul...

Jun 9, 2024
CVE-2024-30539
5.3

This CVE describes a Missing Authorization vulnerability in the Awesome Support WordPress plugin that allows unauthorized users to access restricted f...

Jun 9, 2024
CVE-2023-51494
5.3

This CVE describes a Missing Authorization vulnerability in WooCommerce Product Vendors plugin for WordPress. It allows unauthorized users to perform ...

Jun 9, 2024
CVE-2024-22151
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress 'Import and export users and customers' plugin. It allows unauthorized users...

Jun 8, 2024
CVE-2024-1175
5.3

The WP-Recall plugin for WordPress has a missing capability check that allows unauthenticated attackers to delete arbitrary payment records. This affe...

Jun 6, 2024
CVE-2024-4858
5.3

The Testimonial Carousel For Elementor WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify plug...

May 25, 2024
CVE-2024-35174
5.3

This CVE describes a Missing Authorization vulnerability in the Flothemes Flo Forms WordPress plugin. It allows unauthorized users to perform actions ...

May 17, 2024
CVE-2023-34186
5.3

CVE-2023-34186 is a Missing Authorization vulnerability in the Imran Sayed Headless CMS WordPress plugin that allows unauthorized users to access rest...

May 17, 2024
CVE-2024-4444
5.3

This vulnerability allows unauthenticated attackers to bypass user registration controls in LearnPress WordPress LMS Plugin, enabling them to create a...

May 14, 2024
CVE-2023-6327
5.3

The ShopLentor (formerly WooLentor) WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to view all produ...

May 14, 2024
CVE-2024-33907
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress Print My Blog plugin that allows unauthorized users to access functionality ...

May 6, 2024
CVE-2024-34372
5.3

This CVE describes a Missing Authorization vulnerability in the WordPress Post Grid Master plugin (also called AddonMaster Post Grid Master). It allow...

May 6, 2024
CVE-2023-25457
5.3

This CVE describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress Slider Carousel – Responsive Image Slider plugin. ...

May 3, 2024
CVE-2024-3601
5.3

The Poll Maker WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to extract email addresses through character-...

May 2, 2024
CVE-2024-1584
5.3

This vulnerability in the Analytify WordPress plugin allows unauthenticated attackers to modify the Google Analytics tracking ID without proper author...

May 2, 2024
CVE-2026-24312
5.2

This vulnerability allows authenticated administrative users in SAP Business Workflow to bypass role-based access controls and perform unauthorized hi...

Feb 10, 2026
CVE-2025-43497
5.2

This CVE describes a sandbox escape vulnerability in macOS where an application can bypass its security restrictions. It affects macOS systems running...

Dec 12, 2025
CVE-2023-23715
5.2

CVE-2023-23715 is a missing authorization vulnerability in JobBoardWP WordPress plugin that allows attackers to delete job listings without proper aut...

Dec 9, 2024
CVE-2025-43311
5.1

This CVE describes a macOS vulnerability where applications could bypass entitlement checks to access protected user data. It affects macOS Sonoma bef...

Sep 15, 2025
CVE-2025-46586
5.1

A permission control vulnerability in Huawei's contacts module allows unauthorized access or manipulation of contact data. This affects Huawei devices...

May 6, 2025
CVE-2026-27111
5.0

Kargo versions 1.9.0 to 1.9.2 have an authorization bypass vulnerability where three REST API endpoints omit the 'promote' verb check. This allows use...

Feb 20, 2026
CVE-2026-0486
5.0

This vulnerability in SAP ABAP systems allows authenticated users to access system information without proper authorization checks. It affects SAP sys...

Feb 10, 2026
CVE-2025-64631
5.0

This CVE describes a missing authorization vulnerability in the WCFM Marketplace WordPress plugin that allows attackers to bypass access controls. It ...

Dec 16, 2025
CVE-2025-9825
5.0

This vulnerability allows authenticated GitLab users without project membership to view sensitive manual CI/CD variables via GraphQL API queries. It a...

Nov 21, 2025
CVE-2025-58968
5.0

This CVE describes a Missing Authorization vulnerability in the MaxiBlocks WordPress plugin that allows attackers to bypass access controls. Attackers...

Sep 22, 2025
CVE-2025-42911
5.0

CVE-2025-42911 is an information disclosure vulnerability in SAP NetWeaver's Service Data Download component. Authenticated users can call a remote-en...

Sep 9, 2025
CVE-2025-58606
5.0

This CVE describes a missing authorization vulnerability in the SaasLauncher WordPress theme that allows attackers to bypass access controls. Attacker...

Sep 3, 2025
CVE-2025-54458
5.0

The Mattermost Confluence Plugin before version 1.5.0 has an authorization bypass vulnerability where it fails to verify user permissions when creatin...

Aug 11, 2025
CVE-2025-42968
5.0

This vulnerability in SAP NetWeaver allows authenticated non-administrative users to call a remote-enabled function module that reveals non-sensitive ...

Jul 8, 2025
CVE-2025-24021
5.0

This vulnerability in iTop allows authenticated users with portal access to modify object fields they shouldn't have permission to change. It affects ...

May 14, 2025
CVE-2025-32684
5.0

This CVE describes a Missing Authorization vulnerability in the MapSVG Lite WordPress plugin that allows attackers to bypass access controls and perfo...

Apr 9, 2025
CVE-2023-24407
5.0

This CVE describes a missing authorization vulnerability in the WpDevArt Booking Calendar plugin for WordPress. It allows attackers to bypass access c...

Dec 9, 2024
CVE-2024-6631
5.0

The ImageRecycle WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify ...

Aug 24, 2024
CVE-2024-20355
5.0

This vulnerability allows authenticated remote attackers to bypass SAML authorization controls in Cisco ASA/FTD VPN services. Attackers can intercept ...

May 22, 2024
CVE-2024-0451
5.0

The AI ChatBot WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to list file...

May 22, 2024

About Missing Authorization (CWE-862)

Our database tracks 3,061 CVEs classified as CWE-862, with 228 rated critical and 867 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.

External reference: CWE-862 on MITRE CWE
