CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the Greenshift WordPress plugin that allows attackers to bypass intended access controls. ...

A missing authorization vulnerability in the Themify Builder WordPress plugin allows attackers to bypass intended access controls. This affects all ve...

The ColorMag WordPress theme has a missing capability check that allows authenticated users with Subscriber-level access or higher to install the Them...

The Media Library Assistant WordPress plugin allows authenticated attackers with Author-level permissions or higher to delete arbitrary files from the...

This CVE describes a missing authorization vulnerability in the WP Statistics WordPress plugin that allows attackers to bypass intended access control...

This CVE describes a missing authorization vulnerability in the Easy Elementor Addons WordPress plugin that allows attackers to exploit incorrectly co...

CVE-2025-53341 is a missing authorization vulnerability in the Themovation Stratus WordPress theme that allows attackers to bypass access controls. Th...

CVE-2025-53343 is a missing authorization vulnerability in the GoodLayers Modernize WordPress theme that allows attackers to bypass access controls an...

This CVE describes a missing authorization vulnerability in the CodeablePress WordPress plugin that allows attackers to exploit incorrectly configured...

This vulnerability allows authenticated low-privileged users on Cisco Secure FMC to bypass authorization checks and access reports from different doma...

This CVE describes a missing authorization vulnerability in the WpEvently WordPress plugin that allows attackers to bypass intended access controls. A...

This CVE describes a missing authorization vulnerability in the Dariolee Netease Music WordPress plugin that allows attackers to bypass access control...

The Simple Local Avatars WordPress plugin version 2.8.4 has an authorization vulnerability that allows authenticated users (even subscribers) to modif...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify compatibility option settings in the Ultimate...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify opt-in status settings without proper authori...

The WP Wallcreeper WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level permissions or hig...

This vulnerability allows unauthorized users to read deployment job logs in GitLab by sending specially crafted requests. It affects GitLab Community ...

The Block Editor Gallery Slider WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or hi...

This CVE describes a Missing Authorization vulnerability in the Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WordPress...

This CVE describes a missing authorization vulnerability in the LMSACE Connect WordPress plugin that allows attackers to bypass intended access contro...

This CVE describes an authorization vulnerability in n8n workflow automation platform where authenticated users can stop workflow executions they don'...

This CVE describes a missing authorization vulnerability in the Dashboard Widget Sidebar WordPress plugin that allows attackers to bypass access contr...

CVE-2025-53266 is a missing authorization vulnerability in the EdwardBock Cron Logger WordPress plugin that allows unauthorized users to access functi...

This CVE describes a missing authorization vulnerability in the QuantumCloud ChatBot WordPress plugin that allows attackers to bypass access controls....

This vulnerability allows authenticated users with Guest role permissions in GitLab to bypass UI-enforced restrictions and add child items to incident...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to abuse the Post Carousel Slider for Elementor plugin'...

This vulnerability in JetBrains TeamCity exposes usernames to users who lack proper permissions to view them. It affects organizations using TeamCity ...

This CVE describes a missing authorization vulnerability in the WP Customer Area WordPress plugin that allows attackers to bypass access controls and ...

CVE-2025-49976 is a missing authorization vulnerability in the WANotifier WordPress plugin that allows attackers to bypass intended access controls. T...

This CVE describes a missing authorization vulnerability in the WP User Profile Avatar WordPress plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Hello FSE Blog WordPress theme that allows attackers to bypass intended access control...

This CVE describes a missing authorization vulnerability in the UpStream WordPress plugin that allows attackers to bypass access controls and perform ...

A missing authorization vulnerability in the Cloudways Breeze WordPress plugin allows attackers to bypass intended access controls. This affects all B...

SAP S/4HANA Bank Account Application has an authorization vulnerability where authenticated 'approver' users can delete attachments from other users' ...

This vulnerability allows authenticated attackers with basic privileges to edit shared processing rules for bank statements that should be restricted ...

This CVE describes a Missing Authorization vulnerability in the WordPress plugin Crawlomatic Multisite Scraper Post Generator that allows attackers to...

This vulnerability allows attackers to bypass authorization controls in the Ultimate WP Mail WordPress plugin, potentially accessing administrative fu...

This CVE describes a Missing Authorization vulnerability in the Testimonials Showcase WordPress plugin that allows attackers to exploit incorrectly co...

This CVE describes a missing authorization vulnerability in the Post Grid Master WordPress plugin that allows attackers to bypass access controls. Att...

CVE-2025-29010 is a missing authorization vulnerability in the Behance Portfolio Manager WordPress plugin that allows attackers to bypass access contr...

This CVE describes a Missing Authorization vulnerability in the GPP Slideshow WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a missing authorization vulnerability in the Viral Loops WP Integration WordPress plugin that allows attackers to bypass intended a...

This CVE describes a missing authorization vulnerability in the 6Storage Rentals WordPress plugin that allows attackers to bypass access controls. It ...

The Art Theme for WordPress has a missing capability check in its 'arttheme_theme_option_restore' AJAX function, allowing authenticated users with sub...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Mautic's segment cloning functionality. Any authenticated user can clon...

The MStore API WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or higher to crea...

A missing authorization vulnerability in the Master Slider WordPress plugin allows attackers to perform actions without proper authentication. This af...

This CVE describes a missing authorization vulnerability in the Car Park Booking System for WordPress plugin. It allows unauthorized users to access f...

This CVE describes a Missing Authorization vulnerability in the Guru Team Bot for Telegram on WooCommerce WordPress plugin. It allows attackers to byp...

This CVE describes a missing authorization vulnerability in the Ninja Team GDPR CCPA Compliance Support WordPress plugin that allows attackers to bypa...