CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (3,065)
Jan 16, 2026: The Booking Calendar plugin for WordPress has a missing authorization vulnerability that allows authenticated users with Subscriber-level access or hi...
Jan 16, 2026: The All in One SEO WordPress plugin has a missing capability check on its REST API endpoint, allowing authenticated users with Contributor-level acces...
Jan 14, 2026: The Responsive Accordion Slider WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level access or h...
Jan 14, 2026: The Crush.pics WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher to...
Jan 9, 2026: This vulnerability allows authenticated WordPress users with subscriber-level access or higher to enroll themselves in any Tutor LMS course without pa...
Jan 9, 2026: The Tutor LMS WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or higher to mar...
Jan 9, 2026: This vulnerability allows authenticated WordPress users with subscriber-level access or higher to modify and delete coupon data in Tutor LMS. Attacker...
Jan 8, 2026: This CVE describes a Missing Authorization vulnerability in the Nawawi Jamili Docket Cache WordPress plugin that allows attackers to exploit incorrect...
Jan 8, 2026: CVE-2026-22487 is a missing authorization vulnerability in the baqend Speed Kit WordPress plugin, allowing attackers to bypass access controls and pot...
Jan 8, 2026: This CVE describes a missing authorization vulnerability in the Campaign Monitor for WordPress plugin that allows attackers to exploit incorrectly con...
Jan 8, 2026: This vulnerability allows authenticated WordPress users with Author-level permissions or higher to replace arbitrary media files in the WordPress Medi...
Jan 7, 2026: CVE-2025-69333 is a missing authorization vulnerability in the Crocoblock JetEngine WordPress plugin that allows attackers to bypass intended access c...
Jan 7, 2026: A missing authorization vulnerability in the ThemeHunk Oneline Lite WordPress theme allows attackers to bypass access controls and potentially modify ...
Jan 6, 2026: This CVE describes a Missing Authorization vulnerability in the Tickera WordPress plugin that allows attackers to bypass access controls and perform u...
Jan 6, 2026: This vulnerability allows unauthorized users to modify Post Expirator plugin settings due to missing authorization checks. It affects WordPress sites ...
Jan 6, 2026: This CVE describes a Missing Authorization vulnerability in the Ultimate Store Kit Elementor Addons WordPress plugin that allows attackers to exploit ...
Jan 6, 2026: This CVE describes a missing authorization vulnerability in the Car Rental Manager WordPress plugin that allows attackers to bypass access controls. A...
Jan 6, 2026: This CVE describes a missing authorization vulnerability in the Theater for WordPress plugin that allows attackers to bypass intended access controls....
Jan 2, 2026: This vulnerability in Emlog CMS allows administrators to restrict users from editing or deleting their own published articles. It affects all users of...
Dec 31, 2025: This vulnerability allows unauthorized users to access administrative functions in the WP Custom Admin Interface WordPress plugin due to missing autho...
Dec 31, 2025: This CVE describes a missing authorization vulnerability in the AnyComment WordPress plugin that allows attackers to bypass access controls. Attackers...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the ThemeBoy Hide Plugins WordPress plugin that allows attackers to bypass intended access...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the WordPress plugin 'Easy Upload Files During Checkout' that allows attackers to bypass a...
Dec 31, 2025: This CVE describes a missing authorization vulnerability in the Approveme Signature Add-On for Gravity Forms WordPress plugin. It allows attackers to ...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the Direct Payments WP WordPress plugin that allows attackers to bypass access controls. I...
Dec 31, 2025: A missing authorization vulnerability in the Extend Themes Vireo WordPress theme allows attackers to bypass intended access controls and potentially p...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in Skynet Technologies USA LLC's All in One Accessibility WordPress plugin that allows attack...
Dec 31, 2025: This CVE describes a missing authorization vulnerability in the History Timeline WordPress plugin that allows attackers to bypass access controls. It ...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the Recorp AI Content Writing Assistant WordPress plugin that allows attackers to bypass a...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the WPdiscover Accordion Slider Gallery WordPress plugin that allows attackers to bypass i...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the Tasty Recipes Lite WordPress plugin that allows attackers to bypass access controls. I...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the Strategy11 Team Tasty Recipes Lite WordPress plugin that allows attackers to exploit i...
Dec 31, 2025: This CVE describes a missing authorization vulnerability in the Sticky Notes for WP Dashboard WordPress plugin. It allows attackers to exploit incorre...
Dec 31, 2025: This CVE describes a Missing Authorization vulnerability in the Orders Chat for WooCommerce WordPress plugin that allows attackers to bypass access co...
Dec 30, 2025: The Akuvox Smart Intercom S539 has an improper access control vulnerability that allows users with 'User' privileges to modify API settings and config...
Dec 30, 2025: This CVE describes a Missing Authorization vulnerability in the SiteLock Security WordPress plugin that allows attackers to bypass access controls. It...
Dec 30, 2025: This CVE describes a Missing Authorization vulnerability in the WordPress Demo Importer Plus plugin that allows attackers to exploit incorrectly confi...
Dec 30, 2025: This CVE describes a Missing Authorization vulnerability in the WordPress Discussion Board plugin (wp-discussion-board) that allows attackers to explo...
Dec 30, 2025: This CVE describes a Missing Authorization vulnerability in the Event Organiser WordPress plugin that allows attackers to exploit incorrectly configur...
Dec 30, 2025: This CVE describes a Missing Authorization vulnerability in the jetmonsters Stratum WordPress plugin that allows attackers to bypass access controls. ...
Dec 30, 2025: This vulnerability allows attackers to bypass authorization controls in the auxin-elements WordPress plugin, potentially accessing restricted function...
Dec 30, 2025: This CVE describes a Missing Authorization vulnerability in the My Sticky Elements WordPress plugin that allows attackers to exploit incorrectly confi...
Dec 23, 2025: This CVE describes a Missing Authorization vulnerability in the Vikas Ratudi Chakra test WordPress plugin that allows attackers to bypass access contr...
Dec 21, 2025: CVE-2023-25068 is a missing authorization vulnerability in the Magazine Edge WordPress theme that allows authenticated users to activate arbitrary plu...
Dec 19, 2025: This vulnerability in the myCred WordPress plugin allows authenticated attackers with Subscriber-level access or higher to retrieve sensitive user inf...
Dec 18, 2025: A missing authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows authenticated users to perform actions beyond their intended...
Dec 18, 2025: The Sweet Energy Efficiency WordPress plugin has an authorization vulnerability that allows authenticated users (even with low-privilege subscriber ac...
Dec 18, 2025: The Download Manager WordPress plugin up to version 3.3.32 has an authorization bypass vulnerability that allows authenticated users with Subscriber-l...
Dec 17, 2025: This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete optimized WebP/AVIF image variants for any at...
Dec 17, 2025: This vulnerability allows authenticated WordPress users with Author-level permissions or higher to view API keys configured for external services (Ins...
About Missing Authorization (CWE-862)
Our database tracks 3,065 CVEs classified as CWE-862, with 230 rated critical and 867 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.
External reference: View CWE-862 on MITRE CWE →