CWE-862: Missing Authorization

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete optimized WebP/AVIF image variants for any at...

This vulnerability allows authenticated WordPress users with Author-level permissions or higher to view API keys configured for external services (Ins...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to retrieve email addresses of all users who can edit ...

This CVE describes a missing authorization vulnerability in Codexert's Restrict Elementor Widgets WordPress plugin. It allows attackers to bypass inte...

This CVE describes a missing authorization vulnerability in the WordPress 'Import external attachments' plugin that allows attackers to exploit incorr...

This CVE describes a Missing Authorization vulnerability in the Accessibility by AudioEye WordPress plugin that allows attackers to exploit incorrectl...

This CVE describes a missing authorization vulnerability in the WordPress Request a Quote plugin that allows attackers to exploit incorrectly configur...

This CVE describes a missing authorization vulnerability in the WPS Bidouille WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a missing authorization vulnerability in the WP Coupons and Deals WordPress plugin that allows attackers to bypass intended access ...

This CVE describes a missing authorization vulnerability in the Easy Property Listings WordPress plugin that allows attackers to bypass access control...

This CVE describes a missing authorization vulnerability in the Directory Pro WordPress plugin that allows attackers to bypass access controls and per...

This vulnerability allows unauthorized users to access administrative functions in the SKT Page Builder WordPress plugin due to missing authorization ...

This CVE describes a Missing Authorization vulnerability in the CM On Demand Search And Replace WordPress plugin that allows attackers to exploit inco...

This CVE describes a missing authorization vulnerability in the ThemeNectar Salient Core WordPress plugin that allows attackers to exploit incorrectly...

The Auto Featured Image WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level permissions ...

This vulnerability allows authenticated WordPress users with Author-level permissions or higher to add images to Modula galleries owned by other users...

This vulnerability allows authenticated WordPress users with author-level permissions or higher to create global folders and reassign arbitrary media ...

The Userback WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to access sens...

The Popover Windows WordPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or high...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to modify plugin settings for the Gallery Blocks with ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to activate the Creativ Demo Importer plugin without pr...

The Simple Theme Changer WordPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or...

The URL Media Uploader WordPress plugin allows authenticated users with Contributor-level access or higher to upload safe media files without proper a...

The Premmerce Brands for WooCommerce WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access ...

This vulnerability in Jenkins allows attackers with View/Read permission to view encrypted password values in views. It affects Jenkins 2.540 and earl...

This CVE describes a missing authorization vulnerability in the ARMember WordPress plugin that allows attackers to bypass access controls. Attackers c...

This CVE describes a missing authorization vulnerability in the Fluent Booking WordPress plugin that allows attackers to bypass access controls. It af...

This CVE describes a Missing Authorization vulnerability in WebToffee's eCommerce Marketing Automation plugin for WooCommerce. It allows attackers to ...

This CVE describes a Missing Authorization vulnerability in the My Calendar WordPress plugin that allows attackers to exploit incorrectly configured a...

This CVE describes a Missing Authorization vulnerability in Elementor Website Builder for WordPress that allows attackers to exploit incorrectly confi...

This CVE describes a missing authorization vulnerability in the WooCommerce PDF Invoices & Packing Slips WordPress plugin that allows unauthorized use...

A missing authorization vulnerability in the Ultimate Member ForumWP WordPress plugin allows attackers to bypass access controls and perform unauthori...

This vulnerability allows unauthorized users to exploit broken access controls in the CRM Perks Integration plugin for WordPress. Attackers can potent...

This CVE describes a Missing Authorization vulnerability in the Elastic Email Sender WordPress plugin that allows attackers to bypass access controls....

This CVE describes a Missing Authorization vulnerability in the Tablesome WordPress plugin that allows attackers to exploit incorrectly configured acc...

This CVE describes a missing authorization vulnerability in the VanKarWai Lobo WordPress theme that allows attackers to bypass access controls. It aff...

This CVE describes a Missing Authorization vulnerability in Happy Addons for Elementor WordPress plugin that allows attackers to exploit incorrectly c...

This CVE describes a Missing Authorization vulnerability in the My Tickets WordPress plugin by Joe Dolson. It allows attackers to exploit incorrectly ...

This CVE describes a missing authorization vulnerability in the Porto Theme Functionality plugin for WordPress, allowing attackers to exploit incorrec...

This vulnerability allows attackers to bypass authorization controls in the BestWebSoft Contact Form WordPress plugin, potentially accessing administr...

This CVE describes a missing authorization vulnerability in the Xagio SEO WordPress plugin that allows attackers to exploit incorrectly configured acc...

This CVE describes a Missing Authorization vulnerability in the Paysera WooCommerce Payment Gateway plugin that allows attackers to exploit incorrectl...

This CVE describes a Missing Authorization vulnerability in the WordPress Custom Layouts plugin that allows attackers to exploit incorrectly configure...

This CVE describes a Missing Authorization vulnerability in the EventPrime WordPress plugin that allows attackers to bypass intended access controls. ...

This CVE describes a Missing Authorization vulnerability in the WordPress Notification for Telegram plugin that allows attackers to bypass access cont...

This CVE describes a Missing Authorization vulnerability in the MultiParcels Shipping For WooCommerce WordPress plugin. It allows attackers to exploit...

This CVE describes a missing authorization vulnerability in the Ergonet Cache WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a Missing Authorization vulnerability in the Gravitec.net Web Push Notifications WordPress plugin that allows attackers to exploit ...

This CVE describes a missing authorization vulnerability in the Image Cleanup WordPress plugin that allows attackers to exploit incorrectly configured...

This CVE describes a Missing Authorization vulnerability in the Actionwear products sync WordPress plugin that allows attackers to exploit incorrectly...