CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in the sourceplay-navermap WordPress plugin that allows attackers to bypass access controls. ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to approve or decline group join requests, which should...

This vulnerability in open-webui v0.3.8 allows attackers to bypass access controls and view all prompts created by administrators. Attackers can retri...

The WPSchoolPress WordPress plugin has a missing capability check that allows authenticated users with teacher-level access or higher to delete any us...

The Zegen Church WordPress theme has missing capability checks on AJAX endpoints, allowing authenticated users with Subscriber-level access or higher ...

This vulnerability in the Pagelayer WordPress plugin allows authenticated users with Contributor-level access or higher to bypass post moderation and ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to enable/disable plugin widgets without proper authori...

This CVE describes a missing authorization vulnerability in the WP Performance Pack WordPress plugin that allows attackers to exploit incorrectly conf...

This vulnerability in SAP's Manage Purchasing Info Records OData service allows authenticated users to escalate privileges due to missing authorizatio...

An authenticated low-privilege user can exploit a missing authorization check in the IBS module of FS-RBD to perform unauthorized actions beyond their...

The Post Lockdown WordPress plugin has an information exposure vulnerability that allows authenticated users with Subscriber-level access or higher to...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to import demo content and overwrite the site through A...

The VW Storefront WordPress theme has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify plugin page settings without proper authoriza...

The Forex Calculators WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or higher ...

This CVE describes a broken authorization vulnerability where authenticated users can download IOA script and configuration files by knowing specific ...

This CVE describes a Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for WordPress that allows unauthorized users to access functiona...

This CVE describes a Missing Authorization vulnerability in WPDeveloper's Essential Blocks for Gutenberg WordPress plugin. It allows attackers to expl...

The Team Builder WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify ...

The Team – Team Members Showcase Plugin for WordPress has a missing capability check in its response() function, allowing authenticated attackers wi...

The Read More & Accordion WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher t...

This vulnerability allows authenticated low-privileged attackers to create arbitrary user groups in Q-Free MaxTime traffic management systems. Attacke...

The WP Table Manager WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to rea...

This CVE describes an authorization bypass vulnerability in SAP systems where authenticated users can access unauthorized data through a remote-enable...

This vulnerability allows banned group members to access updates to issues via the GitLab API, potentially exposing sensitive information about issue ...

A missing authorization vulnerability in the FameThemes OnePress WordPress theme allows attackers to bypass access controls and potentially modify the...

The Eventer WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level permissions or higher to downloa...

This CVE describes a Missing Authorization vulnerability in the Hide Shipping Method For WooCommerce plugin that allows unauthorized users to access f...

This CVE describes a Missing Authorization vulnerability in the Xfinity Soft Content Cloner WordPress plugin that allows attackers to exploit incorrec...

This CVE describes a Missing Authorization vulnerability in the Shortcodes and extra features for Phlox theme WordPress plugin. It allows attackers to...

This vulnerability in the WordPress Login Page Styler plugin allows authenticated attackers with Subscriber-level access or higher to delete login log...

The Food Menu plugin for WordPress has a missing capability check that allows authenticated users with Subscriber-level access or higher to modify plu...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to enable or disable widgets without proper authorizati...

The zStore Manager Basic WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or...

The ECPay Ecommerce for WooCommerce WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access o...

CVE-2025-24744 is a missing authorization vulnerability in the Bridge Core WordPress plugin that allows attackers to bypass access controls. This affe...

This CVE describes a missing authorization vulnerability in the Houzez WordPress theme that allows unauthorized users to access functionality intended...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete other users' reviews in the Youzify plugin. I...

This CVE describes a missing authorization vulnerability in GoDaddy's CoBlocks WordPress plugin that allows attackers to bypass access controls. It af...

This CVE describes a missing authorization vulnerability in the ThimPress Thim Elementor Kit WordPress plugin that allows attackers to exploit incorre...

This CVE describes a missing authorization vulnerability in the Yehi Advanced Notifications WordPress plugin that allows attackers to exploit incorrec...

This CVE describes a missing authorization vulnerability in the WordPress Internal Links Manager plugin (also called SEO Automated Link Building) that...

This CVE describes a missing authorization vulnerability in the Super Block Slider WordPress plugin that allows attackers to bypass access controls. I...

This CVE describes a missing authorization vulnerability in ElementInvader Addons for Elementor WordPress plugin that allows attackers to bypass inten...

This CVE describes a missing authorization vulnerability in the NinjaTeam GDPR CCPA Compliance Support WordPress plugin that allows attackers to bypas...

The WPBot Pro WordPress Chatbot plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to cr...

This CVE describes a missing authorization vulnerability in the ApplyOnline WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a missing authorization vulnerability in the Salvador AI Image Generator WordPress plugin that allows attackers to bypass access co...

This CVE describes a Missing Authorization vulnerability in the Sur.ly WordPress plugin that allows attackers to exploit incorrectly configured access...

This CVE describes a Missing Authorization vulnerability in the Goldstar WordPress plugin that allows attackers to bypass access controls. Attackers c...