CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the BERTHA AI WordPress plugin that allows attackers to bypass access controls. It affects...

This CVE describes a Missing Authorization vulnerability in the Sharespine WooCommerce Connector WordPress plugin that allows attackers to exploit inc...

This CVE describes a missing authorization vulnerability in ProfileGrid WordPress plugin that allows attackers to bypass access controls and potential...

This CVE describes a missing authorization vulnerability in the WordPress Pinterest Automatic Pin plugin that allows attackers to bypass access contro...

This CVE describes a missing authorization vulnerability in the WordPress Auto Spinner plugin that allows attackers to bypass access controls and perf...

CVE-2025-39482 is a missing authorization vulnerability in the Eventer WordPress plugin that allows attackers to bypass intended access controls. This...

This CVE describes a missing authorization vulnerability in ValvePress Rankie WordPress plugin that allows attackers to bypass access controls. It aff...

A missing authorization vulnerability in the CSS3 Tooltips for WordPress plugin allows attackers to bypass access controls and perform unauthorized ac...

This CVE describes a Missing Authorization vulnerability in the redqteam Wishlist WordPress plugin that allows attackers to exploit incorrectly config...

This CVE describes a missing authorization vulnerability in the ContentStudio WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a Missing Authorization vulnerability in the pewilliams Ovation Elements WordPress plugin that allows attackers to bypass intended ...

This CVE describes a Missing Authorization vulnerability in the Simple Sitemap WordPress plugin that allows unauthorized users to access functionality...

The Aeropage Sync for Airtable WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions o...

This CVE describes a Missing Authorization vulnerability in the WordPress Smart Hashtags plugin that allows attackers to exploit incorrectly configure...

This CVE describes a Missing Authorization vulnerability in the Sirat WordPress theme that allows attackers to bypass intended access controls. It aff...

This CVE describes an access control vulnerability in GitLab Enterprise Edition where users can view restricted project information even when related ...

This CVE describes a missing authorization vulnerability in the Download Alt Text AI WordPress plugin that allows unauthorized users to access functio...

This CVE describes a Missing Authorization vulnerability in the WPXPO WowStore WordPress plugin that allows attackers to exploit incorrectly configure...

This CVE describes a missing authorization vulnerability in Brizy Pro WordPress plugin that allows attackers to bypass access controls. It affects all...

This CVE describes a missing authorization vulnerability in the Croover.inc Rich Table of Contents WordPress plugin that allows attackers to exploit i...

This vulnerability allows authenticated non-administrative users in SAP NetWeaver Application Server ABAP to access non-sensitive data through the Vir...

The Lafka WordPress theme plugin allows authenticated users with subscriber-level access or higher to modify theme options that control the entire sit...

This CVE describes a Missing Authorization vulnerability in the RepairBuddy WordPress plugin that allows attackers to bypass access controls. It affec...

A missing authorization vulnerability in Stylemix MasterStudy LMS WordPress plugin allows attackers to bypass intended access controls. This affects a...

This CVE describes a missing authorization vulnerability in the GetSocial.io WordPress plugin that allows attackers to exploit incorrectly configured ...

This CVE describes a Missing Authorization vulnerability in the Bowo Variable Inspector WordPress plugin that allows unauthorized users to exploit inc...

This CVE describes a missing authorization vulnerability in the ERA404 StaffList WordPress plugin that allows attackers to bypass intended access cont...

This CVE describes a Missing Authorization vulnerability in the AdMail WordPress plugin that allows attackers to exploit incorrectly configured access...

This CVE describes a missing authorization vulnerability in the Xpro Theme Builder WordPress plugin that allows attackers to bypass access controls. I...

This vulnerability allows attackers with Computer/Create permission in Jenkins to copy agent configurations and access encrypted secrets they shouldn'...

This CVE describes a missing authorization vulnerability in the WP Mobile Bottom Menu WordPress plugin that allows attackers to bypass intended access...

This CVE describes a missing authorization vulnerability in the Repuso Social Proof Testimonials and Reviews WordPress plugin that allows attackers to...

This CVE describes a Missing Authorization vulnerability in the WPWebinarSystem WebinarPress WordPress plugin, allowing attackers to exploit incorrect...

This CVE describes a Missing Authorization vulnerability in the CartBoss SMS Abandoned Cart Recovery WordPress plugin that allows attackers to exploit...

This CVE describes a Missing Authorization vulnerability in the WordPress Export All Post Meta plugin that allows unauthorized users to access functio...

This CVE describes a missing authorization vulnerability in the Simple Sticky Add To Cart For WooCommerce WordPress plugin. It allows attackers to exp...

This CVE describes a missing authorization vulnerability in the Theater for WordPress plugin that allows attackers to bypass intended access controls....

This CVE describes a Missing Authorization vulnerability in the AtomChat WordPress plugin that allows attackers to bypass access controls. Attackers c...

CVE-2025-31799 is a missing authorization vulnerability in the Publitio WordPress plugin that allows attackers to bypass access controls and perform u...

This CVE describes a missing authorization vulnerability in the GB Gallery Slideshow WordPress plugin that allows attackers to bypass access controls....

A missing authorization vulnerability in the Slider Path for Elementor WordPress plugin allows attackers to bypass intended access controls. This affe...

This CVE describes a Missing Authorization vulnerability in the WP Docs WordPress plugin that allows attackers to bypass intended access controls. It ...

This CVE describes a missing authorization vulnerability in the WordPress 'Disable Elementor Editor Translation' plugin that allows attackers to bypas...

This CVE describes a missing authorization vulnerability in the Conversios.io WordPress plugin that allows attackers to bypass access controls. It aff...

This CVE describes a missing authorization vulnerability in the ThemeHunk Big Store WordPress theme that allows attackers to bypass access controls. I...

This CVE describes a missing authorization vulnerability in the WordPress plugin 'Specific Content For Mobile' that allows attackers to bypass access ...

This CVE describes a missing authorization vulnerability in the Tickera WordPress plugin that allows attackers to bypass access controls. It affects a...

Discourse users who disabled direct messaging in their preferences could still be added to group direct messages in specific circumstances. This affec...

This CVE describes a missing authorization vulnerability in the sourceplay-navermap WordPress plugin that allows attackers to bypass access controls. ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to approve or decline group join requests, which should...