CWE-862: Missing Authorization

The AI ChatBot WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to list file...

The AI ChatBot WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to delete fi...

This CVE describes a Missing Authorization vulnerability in the Ultimate Learning Pro WordPress plugin (indeed-learning-pro) that allows attackers to ...

CVE-2025-60106 is a missing authorization vulnerability in the Roxnor EmailKit WordPress plugin that allows attackers to delete arbitrary content with...

This CVE describes an authorization bypass vulnerability in SAP ABAP Platform where authenticated users with elevated privileges can use the SQL Conso...

This CVE describes a missing authorization vulnerability in the Five Star Restaurant Reservations WordPress plugin that allows attackers to bypass acc...

This CVE describes a missing authorization vulnerability in Zoom Workplace components that could allow privileged users to access sensitive informatio...

This vulnerability allows a rogue staff user with administrative privileges in Discourse to suspend other staff users, preventing them from logging in...

The LearnPress Export Import WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to delete migrated cours...

This vulnerability allows attackers to bypass authorization controls in the Protect WP Admin WordPress plugin, potentially accessing restricted admini...

The Custom Post Type UI WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or hig...

This CVE describes a Missing Authorization vulnerability in the SP Blog Designer WordPress plugin that allows attackers to exploit incorrectly configu...

A missing authorization vulnerability in the WP-Asambleas WordPress plugin allows attackers to exploit incorrectly configured access controls. This en...

This vulnerability in the WP Job Portal WordPress plugin allows unauthenticated attackers to assign themselves the employer role without proper author...

This CVE describes a missing authorization vulnerability in the Strategy11 Team Business Directory WordPress plugin that allows attackers to exploit i...

This vulnerability allows unauthorized factory resets of Android devices running in Dynamic System Updates (DSU) mode due to a missing permission chec...

This CVE describes a lock screen bypass vulnerability in Apple iOS and iPadOS that allows an attacker with physical access to view contacts without au...

This CVE describes a macOS sandbox bypass vulnerability that allows applications to circumvent Privacy preferences. It affects macOS Ventura, Sequoia,...

CVE-2026-30842 is an authorization bypass vulnerability in Wallos that allows authenticated users to delete avatar files uploaded by other users. The ...

The Seraphinite Accelerator WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher...

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wp...

This vulnerability allows unauthorized users with Developer-role permissions to set pipeline variables for manually triggered jobs in GitLab. This aff...

This CVE describes a missing authorization vulnerability in JetBrains TeamCity where project developers can add parameters to build configurations wit...

The Post Duplicator WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject arbitrary protected post meta ke...

This CVE describes a Missing Authorization vulnerability in the Seraphinite Accelerator WordPress plugin that allows authenticated users to retrieve e...

This CVE describes a Missing Authorization vulnerability in the YayMail WooCommerce Email Customizer WordPress plugin that allows attackers to exploit...

This CVE describes a Missing Authorization vulnerability in the Penci AI SmartContent Creator WordPress plugin that allows attackers to bypass access ...

This CVE describes a Missing Authorization vulnerability in the Sober WordPress theme that allows attackers to bypass access controls. It affects all ...

This CVE describes a Missing Authorization vulnerability in the MailerLite WordPress plugin that allows attackers to exploit incorrectly configured ac...

This CVE describes a Missing Authorization vulnerability in the Echo Knowledge Base WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the Cookiebot WordPress plugin that allows attackers to exploit incorrectly configured acc...

This CVE describes a Missing Authorization vulnerability in the JAMstack Deployments WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Hello FSE WordPress theme that allows attackers to exploit incorrectly configured acce...

This CVE describes a missing authorization vulnerability in the Business Roy WordPress theme that allows attackers to bypass access controls. It affec...

This CVE describes a Missing Authorization vulnerability in the WordPress Final Tiles Grid Gallery Lite plugin that allows attackers to bypass access ...

This CVE describes a missing authorization vulnerability in the Ays Pro Secure Copy Content Protection and Content Locking WordPress plugin. It allows...

This CVE describes a Missing Authorization vulnerability in the PublishPress Authors WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the WiserReview Product Reviews for WooCommerce WordPress plugin. It allows attackers to e...

This CVE describes a missing authorization vulnerability in the FluentForm WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a Missing Authorization vulnerability in the WordPress Client Portal plugin that allows attackers to bypass access controls. It aff...

The Dealia WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level permissions or higher to ...

The Virusdie WordPress plugin exposes API keys to authenticated users with Subscriber-level access or higher due to missing capability checks. This al...

The ACF Photo Gallery Field plugin for WordPress has a missing capability check that allows authenticated users with subscriber-level access or higher...

The Kali Forms WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated users with Contributor-level access or...

The EventPrime WordPress plugin allows authenticated attackers with Customer+ roles to modify administrator-created event posts without authorization....

The Taskbuilder WordPress plugin has an authorization bypass vulnerability that allows authenticated users (subscriber level or higher) to post commen...

The Tickera WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher to modif...

This vulnerability in the Kadence Blocks WordPress plugin allows authenticated users with Contributor-level access or higher to perform unauthorized a...

This vulnerability allows authenticated Mattermost users to discover the existence of teams and their URL names by posting channel shortlinks and obse...

The RegistrationMagic WordPress plugin before version 6.0.7.2 lacks proper capability checks, allowing users with subscriber-level permissions or high...