CWE-862: Missing Authorization

This vulnerability allows authenticated Mattermost users to discover the existence of teams and their URL names by posting channel shortlinks and obse...

The RegistrationMagic WordPress plugin before version 6.0.7.2 lacks proper capability checks, allowing users with subscriber-level permissions or high...

The Media Library Folders WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Author-level...

This vulnerability allows authenticated Kanboard users to duplicate tasks into projects they shouldn't have access to, bypassing permission controls. ...

This vulnerability in SAP Strategic Enterprise Management allows authenticated users to bypass authorization checks and view unauthorized information ...

This vulnerability in SAP S/4HANA Defense & Security allows authenticated users with standard privileges to directly modify database tables through re...

This vulnerability in SAP Fiori App Manage Service Entry Sheets allows authenticated users to perform unauthorized actions due to missing authorizatio...

This vulnerability in SAP Support Tools Plug-In allows authenticated users to access system configuration information without proper authorization che...

This CVE describes a missing authorization vulnerability in WeKan's Rules Handler component that allows unauthorized access to functionality. Attacker...

The Bucketlister WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to add, de...

CVE-2025-15326 is an improper access controls vulnerability in Tanium Patch that allows authenticated users to access or modify resources beyond their...

CVE-2025-15327 is an improper access controls vulnerability in Tanium Deploy that could allow authenticated users to perform unauthorized actions. Thi...

This vulnerability in the ProfileGrid WordPress plugin allows authenticated users with Subscriber-level access or higher to suspend arbitrary users fr...

This CVE describes a missing authorization vulnerability in WeKan's position history tracking component. Attackers can exploit this remotely to access...

This CVE describes a Missing Authorization vulnerability in the WP Sync for Notion WordPress plugin that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the WP Custom Admin Interface WordPress plugin that allows attackers to exploit incorrectl...

This CVE describes a Missing Authorization vulnerability in the Nelio Popups WordPress plugin that allows attackers to exploit incorrectly configured ...

This CVE describes a Missing Authorization vulnerability in the WordPress Latest Post Shortcode plugin that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in the WPElemento Importer WordPress plugin that allows attackers to exploit incorrectly conf...

This CVE describes a Missing Authorization vulnerability in the WP Forms Signature Contract Add-On for WordPress. It allows attackers to exploit incor...

This CVE describes a Missing Authorization vulnerability in the myCred WordPress plugin that allows attackers to exploit incorrectly configured access...

This CVE describes a Missing Authorization vulnerability in the Contest Gallery WordPress plugin that allows attackers to exploit incorrectly configur...

This CVE describes a Missing Authorization vulnerability in the Modula Image Gallery WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a missing authorization vulnerability in the Travelfic Toolkit WordPress plugin that allows attackers to exploit incorrectly config...

This CVE describes a missing authorization vulnerability in LA-Studio Element Kit for Elementor WordPress plugin that allows attackers to exploit inco...

This CVE describes a missing authorization vulnerability in the Smart Product Viewer WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the BOX NOW Delivery WordPress plugin that allows attackers to bypass access controls. It ...

This vulnerability allows attackers to bypass authorization controls in the WordPress Admin Login URL Change plugin, potentially accessing administrat...

This CVE describes a Missing Authorization vulnerability in the WP Messiah Ai Image Alt Text Generator for WordPress plugin. It allows attackers to ex...

This CVE describes a Missing Authorization vulnerability in the Ecwid Shopping Cart WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the WordPress Anything Order by Terms plugin that allows attackers to exploit incorrectly ...

This CVE describes a missing authorization vulnerability in the WordPress Media Library File Size plugin that allows attackers to exploit incorrectly ...

This CVE describes a missing authorization vulnerability in the LifePress WordPress plugin that allows attackers to bypass access controls. It affects...

This CVE describes a Missing Authorization vulnerability in the Materialis Companion WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the HD Quiz WordPress plugin that allows attackers to bypass access controls. Attackers ca...

This CVE describes a Missing Authorization vulnerability in the SiteLock Security WordPress plugin that allows attackers to bypass access controls. At...

This CVE describes a Missing Authorization vulnerability in the WordPress Automatic Featured Images from Videos plugin. It allows attackers to exploit...

This CVE describes a Missing Authorization vulnerability in the MyThemeShop WP Subscribe WordPress plugin (wp-subscribe) that allows attackers to expl...

The weDocs WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher to edi...

This CVE describes a Missing Authorization vulnerability in the Element Invader WordPress plugin that allows unauthorized users to access functionalit...

This CVE describes a missing authorization vulnerability in the WP Quick Post Duplicator WordPress plugin that allows attackers to exploit incorrectly...

This CVE describes a Missing Authorization vulnerability in the WPMasterToolKit WordPress plugin that allows attackers to bypass access controls. It a...

This CVE describes a missing authorization vulnerability in the WP MapIt WordPress plugin that allows attackers to bypass access controls. It affects ...

This CVE describes a Missing Authorization vulnerability in the Absolute Addons For Elementor WordPress plugin that allows attackers to exploit incorr...

This CVE describes a Missing Authorization vulnerability in the Select-Themes Don Peppe WordPress theme that allows attackers to exploit incorrectly c...

The NotificationX WordPress plugin has a missing capability check vulnerability in REST API endpoints that allows authenticated users with Contributor...

OpenProject versions before 17.0.1 and 16.6.5 have an information disclosure vulnerability where users with View Members permission in any project can...

The Phrase TMS Integration for WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or hig...

The GetGenie WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Author-level permissions or higher to del...

The Booking Calendar plugin for WordPress has a missing authorization vulnerability that allows authenticated users with Subscriber-level access or hi...