CWE-862: Missing Authorization

This CVE describes a missing authorization vulnerability in SolidWP iThemes Sync WordPress plugin that allows attackers to bypass access controls. It ...

This CVE describes a missing authorization vulnerability in the QR code MeCard/vCard generator WordPress plugin that allows unauthorized users to acce...

This CVE describes a missing authorization vulnerability in the WordPress Quiz And Survey Master plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Inisev Social Media & Share Icons WordPress plugin that allows attackers to exploit in...

This vulnerability allows authenticated WordPress users to activate arbitrary plugins without proper authorization in the Viral Mag theme. It affects ...

CVE-2022-47176 is a missing authorization vulnerability in the Depicter Slider WordPress plugin that allows attackers to exploit incorrectly configure...

CVE-2022-46811 is a missing authorization vulnerability in the ALD Dropshipping plugin for WordPress that allows attackers to exploit incorrectly conf...

This CVE describes a missing authorization vulnerability in the Formidable Forms WordPress plugin that allows attackers to exploit incorrectly configu...

This CVE describes a missing authorization vulnerability in the eRoom WordPress plugin that allows attackers to bypass access controls. It affects all...

The Hash Form WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level permissions or higher to crea...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to whitelist scripts without proper authorization. Atta...

The Child Theme Creator by Orbisius WordPress plugin's Cloud Library Addon has missing capability checks in cloud_delete() and cloud_update() function...

The Custom Skins Contact Form 7 WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level ac...

CVE-2024-54269 is a missing authorization vulnerability in the Notibar WordPress plugin that allows attackers to bypass access controls and perform un...

This CVE describes a Missing Authorization vulnerability in the Dotstore Minimum and Maximum Quantity for WooCommerce plugin that allows attackers to ...

This CVE describes a Missing Authorization vulnerability in the Social Media Feather WordPress plugin that allows attackers to exploit incorrectly con...

This CVE describes a Missing Authorization vulnerability in the Product Filter by WBW WordPress plugin. It allows attackers to exploit incorrectly con...

This CVE describes a missing authorization vulnerability in the Custom Login WordPress plugin that allows attackers to bypass access controls. It affe...

This vulnerability allows attackers to exploit missing authorization checks in the Post Duplicator WordPress plugin, enabling unauthorized users to du...

This CVE describes a Missing Authorization vulnerability in the Bulk Edit Post Titles WordPress plugin that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in the Veribo, Roland Murg WP Booking System plugin for WordPress, allowing attackers to expl...

This CVE describes a missing authorization vulnerability in GoDaddy's Email Marketing WordPress plugin that allows attackers to bypass access controls...

This CVE describes a Missing Authorization vulnerability in the Easy Social Feed WordPress plugin that allows attackers to exploit incorrectly configu...

This vulnerability allows attackers to bypass authorization controls in the Conditional Fields for Contact Form 7 WordPress plugin, potentially access...

This CVE describes a missing authorization vulnerability in the WordPress BetterDocs plugin that allows attackers to bypass intended access controls. ...

CVE-2023-47780 is a missing authorization vulnerability in the EasyAzon WordPress plugin that allows attackers to exploit incorrectly configured acces...

This vulnerability allows attackers to bypass authorization controls in the Essential Blocks for Gutenberg WordPress plugin, potentially accessing res...

This CVE describes a Missing Authorization vulnerability in the Smart WooCommerce Search WordPress plugin that allows attackers to exploit incorrectly...

This CVE describes a missing authorization vulnerability in the Real Estate Directory WordPress theme that allows authenticated users to activate arbi...

This CVE describes a Missing Authorization vulnerability in the WordPress Site Reviews plugin that allows attackers to exploit incorrectly configured ...

This CVE describes a missing authorization vulnerability in the Backup Bank WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a Missing Authorization vulnerability in the Chankhe WordPress theme that allows authenticated users to activate arbitrary plugins ...

CVE-2023-25993 is a missing authorization vulnerability in the WebberZone Top 10 WordPress plugin that allows attackers to exploit incorrectly configu...

This CVE describes a missing authorization vulnerability in the WordPress 'We're Open!' plugin that allows attackers to bypass access controls. It aff...

The Migrate Clone WordPress plugin versions up to 2.3.7 have a missing authorization vulnerability that allows attackers to exploit incorrectly config...

This CVE describes a Missing Authorization vulnerability in the Clever Widgets Enhanced Text Widget WordPress plugin. It allows attackers to exploit i...

This vulnerability allows attackers to bypass authorization controls in the Spectra WordPress plugin, potentially enabling unauthorized actions. It af...

CVE-2023-23725 is a missing authorization vulnerability in the Shortcodes WordPress plugin that allows attackers to bypass access controls and perform...

The SMS for Lead Capture Forms WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or hig...

The Message Filter for Contact Form 7 WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access...

The Eleblog WordPress plugin has an authorization vulnerability that allows any authenticated user (including basic Subscribers) to submit plugin deac...

This CVE describes a Missing Authorization vulnerability in the E-goi Smart Marketing SMS and Newsletters Forms WordPress plugin that allows attackers...

This vulnerability in the WordPress Image Alt Text plugin allows authenticated attackers with subscriber-level access or higher to modify alt text on ...

The Hustle WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to view unpublis...

The WPDash Notes WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to view co...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to add or remove custom sidebars when the Carbon Fields...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view playlist settings without proper authorization....

This vulnerability in the Ultimate YouTube Video & Shorts Player With Vimeo WordPress plugin allows authenticated attackers with Subscriber-level acce...

This vulnerability in the Ultimate Member WordPress plugin allows authenticated attackers with subscriber-level access or higher to change other users...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view revision history of posts and pages, potentiall...