CWE-862: Missing Authorization

The Contact Form 7 AWeber Extension plugin for WordPress has an authorization vulnerability that allows authenticated users with Subscriber-level acce...

The Page & Post Notes WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or hi...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to send arbitrary emails from the site with attacker-co...

The KiotViet Sync WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to upload arbitrary files to affected servers due to m...

The Features plugin for WordPress has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to revert ...

The Import Export For WooCommerce WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level acc...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to create and publish arbitrary posts without proper au...

This CVE describes a missing authorization vulnerability in the WebToffee Smart Coupons for WooCommerce plugin that allows attackers to bypass access ...

This CVE describes a missing authorization vulnerability in the Insert PHP Code Snippet WordPress plugin that allows attackers to exploit incorrectly ...

The Events Calendar WordPress plugin versions up to 6.15.9 have an authorization vulnerability where authenticated users with Subscriber-level permiss...

The FuseWP WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify sync rules between WordPress use...

The Jenkins Publish to Bitbucket Plugin before version 0.5 has a missing permission check that allows authenticated attackers with only Overall/Read p...

The Jenkins Themis Plugin 1.4.1 and earlier contains a missing permission check vulnerability that allows authenticated attackers with Overall/Read pe...

This vulnerability in Jenkins Start Windocks Containers Plugin allows attackers with Overall/Read permission to connect to arbitrary URLs, potentially...

The Jenkins Nexus Task Runner Plugin before version 0.9.3 has a missing permission check vulnerability. Attackers with Overall/Read permission can for...

This vulnerability in the Call Now Button WordPress plugin allows authenticated attackers with Subscriber-level access or higher to access and modify ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to link the vulnerable plugin to external nowbuttons.co...

This CVE describes a missing authorization vulnerability in the BoldGrid Client Invoicing by Sprout Invoices WordPress plugin. It allows attackers to ...

This CVE describes a missing authorization vulnerability in the Evergreen Content Poster WordPress plugin that allows attackers to exploit incorrectly...

This CVE describes a Missing Authorization vulnerability in the KiotViet Sync WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a missing authorization vulnerability in the WebinarPress WordPress plugin (formerly WPWebinarSystem) that allows attackers to bypa...

This CVE describes a Missing Authorization vulnerability in the Premmerce User Roles WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a missing authorization vulnerability in WP-Lister Lite for eBay WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a missing authorization vulnerability in the Seriously Simple Podcasting WordPress plugin that allows attackers to exploit incorrec...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to disconnect the site's connection to miniorange servi...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify the NGINX Cache Optimizer plugin's blacklist ...

The Check Plagiarism WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or higher t...

The Originality.ai AI Checker WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or high...

Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...

This CVE describes a Missing Authorization vulnerability in the Rustaurius Front End Users WordPress plugin that allows unauthorized users to access f...

This CVE describes a Missing Authorization vulnerability in the Sovlix MeetingHub WordPress plugin that allows unauthorized users to access functional...

This CVE describes a Missing Authorization vulnerability in the WPXPO WowRevenue WordPress plugin that allows unauthorized users to access functionali...

This CVE describes a Missing Authorization vulnerability in the Repuso Social Proof Testimonials and Reviews WordPress plugin. It allows attackers to ...

This CVE describes a Missing Authorization vulnerability in the One Page Express Companion WordPress plugin. It allows attackers to perform actions wi...

This CVE describes a missing authorization vulnerability in the POSIMYTH UiChemy WordPress plugin. It allows authenticated users to perform actions th...

This vulnerability allows attackers to bypass authorization controls in the Smash Balloon Social Post Feed WordPress plugin, potentially accessing res...

This CVE describes a missing authorization vulnerability in the RealMag777 MDTF WordPress plugin that allows attackers to bypass intended access contr...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view other users' wishlist data through the WPC Smar...

This vulnerability allows guest users in Mattermost to discover active public channels and their metadata through an API endpoint, bypassing intended ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify plugin settings and features without proper a...

The SureForms WordPress plugin has an access control vulnerability in its REST API endpoint that allows authenticated users with contributor-level per...

The Newsup WordPress theme has a vulnerability that allows unauthenticated attackers to install the ansar-import plugin without proper authorization. ...

This vulnerability allows unauthorized access to the /show/integrations endpoint in JhumanJ OpnForm up to version 1.9.3. Attackers can exploit this mi...

This vulnerability allows unauthenticated attackers to submit feedback data to external services via the WDesignKit WordPress plugin. It affects WordP...

This CVE describes a Missing Authorization vulnerability in WP Subscription Forms PRO WordPress plugin that allows unauthorized users to delete arbitr...

This CVE describes a Missing Authorization vulnerability in the Nota Fiscal Eletrônica WooCommerce WordPress plugin that allows attackers to exploit ...

This CVE describes a Missing Authorization vulnerability in the WordPress Subscribe to Download plugin that allows attackers to bypass intended access...

This CVE describes a missing authorization vulnerability in the Netgsm WordPress plugin that allows attackers to bypass access controls. Attackers cou...

This CVE describes a missing authorization vulnerability in the WordPress Delisho plugin that allows attackers to bypass intended access controls. It ...