CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in the Actionwear products sync WordPress plugin that allows attackers to exploit incorrectly...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify listing details without proper authorization....

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete arbitrary posts through a REST API endpoint. ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to deactivate the Search, Filters & Merchandising for W...

The Beaver Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with contributor-level access or higher ...

The Fluent Booking WordPress plugin has an authorization vulnerability that allows any authenticated user (including subscribers) to import and manage...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to merge or delete arbitrary taxonomy terms without pro...

The Beaver Builder WordPress plugin has a missing authorization vulnerability that allows authenticated users with contributor-level access or higher ...

The WP Fastest Cache WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher...

This vulnerability in the Refund Request for WooCommerce WordPress plugin allows authenticated users with Subscriber-level access or higher to modify ...

The Search Exclude WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level access or higher to modi...

This CVE describes a Missing Authorization vulnerability in the TNC Toolbox: Web Performance WordPress plugin that allows attackers to exploit incorre...

This CVE describes a Missing Authorization vulnerability in the WebToffee Accessibility Toolkit WordPress plugin that allows attackers to bypass acces...

This CVE describes a missing authorization vulnerability in the Table Block by Tableberg WordPress plugin that allows attackers to exploit incorrectly...

This vulnerability allows unauthorized users to access bookmark management functions in the CBX Bookmark & Favorite WordPress plugin due to missing au...

This CVE describes a missing authorization vulnerability in the WordPress Featured Post Creative plugin that allows attackers to bypass access control...

This vulnerability allows unauthorized users to access functionality intended only for authenticated administrators in the WebToffee Product Feed for ...

This CVE describes a Missing Authorization vulnerability in the WpEvently mage-eventpress WordPress plugin that allows attackers to exploit incorrectl...

This CVE describes a missing authorization vulnerability in the WpEvently mage-eventpress WordPress plugin that allows attackers to bypass access cont...

This CVE describes a Missing Authorization vulnerability in the FluentCommunity WordPress plugin that allows attackers to exploit incorrectly configur...

This CVE describes a Missing Authorization vulnerability in the Arconix Shortcodes WordPress plugin that allows attackers to exploit incorrectly confi...

This CVE describes a Missing Authorization vulnerability in the Legal Pages WordPress plugin that allows attackers to bypass access controls and perfo...

This CVE describes a missing authorization vulnerability in the PPOM for WooCommerce plugin that allows attackers to bypass access controls and perfor...

This vulnerability allows authenticated WordPress users with author-level permissions or higher to modify arbitrary posts and pages via a REST API end...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify smart contract addresses displayed by the Tok...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to clear scheduled triggers in the ELEX HelpDesk plugin...

The ELEX WordPress HelpDesk plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to restor...

The ELEX WordPress HelpDesk plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher to...

The ELEX WordPress HelpDesk plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to perman...

The WSChat WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to reset plugin ...

The wModes WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or higher to access...

The WP Duplicate Page WordPress plugin has a missing authorization vulnerability that allows authenticated users with Contributor-level access or high...

The Download Panel WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher to modify pl...

The Permalinks Cascade WordPress plugin has a missing authorization vulnerability that allows authenticated users with subscriber-level access or high...

The Envira Photo Gallery WordPress plugin has an authorization vulnerability that allows authenticated users with Author-level permissions or higher t...

This CVE describes a Missing Authorization vulnerability in the WebToffee Order Export & Order Import for WooCommerce plugin that allows attackers to ...

This CVE describes a missing authorization vulnerability in the Pluggabl Booster for WooCommerce plugin that allows attackers to exploit incorrectly c...

This CVE describes a missing authorization vulnerability in the WooCommerce PDF Invoice Builder WordPress plugin that allows unauthorized users to acc...

This CVE describes a Missing Authorization vulnerability in the WPKoi Templates for Elementor WordPress plugin that allows attackers to exploit incorr...

This CVE describes a Missing Authorization vulnerability in the N-Media Frontend File Manager WordPress plugin (nmedia-user-file-uploader). It allows ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to disconnect the Afosto service from the Quicq plugin ...

This vulnerability in the Alt Text Generator AI WordPress plugin allows authenticated attackers with Subscriber-level access or higher to delete the A...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to add, update, or delete listing types in the Classifi...

CVE-2025-42899 is an authorization bypass vulnerability in SAP S4CORE's Manage Journal Entries function that allows authenticated users to perform una...

This vulnerability allows authenticated attackers with basic privileges in SAP NetWeaver Application Server for ABAP to execute a specific function mo...

This vulnerability allows authenticated users with Service Desk Agent permissions in Combodo iTop to create ModuleInstallation objects without proper ...

This CVE describes a missing authorization vulnerability in the rymcu forest software's BankController component. Attackers can remotely exploit this ...

The Envira Photo Gallery WordPress plugin has a missing capability check on its bulk-convert REST API endpoint, allowing authenticated users with cont...

The EventPrime WordPress plugin allows authenticated users with Subscriber-level access or higher to add notes to any booking in the backend without p...

The Contact Form 7 AWeber Extension plugin for WordPress has an authorization vulnerability that allows authenticated users with Subscriber-level acce...