CWE-862: Missing Authorization

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view revision history of posts and pages, potentiall...

This vulnerability allows unauthorized users to exploit incorrectly configured access controls in the Easy Accordion Gutenberg Block WordPress plugin....

This CVE describes a Missing Authorization vulnerability in the Rextheme WP VR WordPress plugin that allows attackers to exploit incorrectly configure...

This CVE describes a Missing Authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to bypass intended access c...

The WP Chat App WordPress plugin allows authenticated attackers with Subscriber-level access or higher to install the filebird plugin without proper a...

The Tutor LMS Elementor Addons WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher ...

This vulnerability in Jenkins Script Security Plugin allows attackers with Overall/Read permission to check for the existence of files on the Jenkins ...

The Buy one click WooCommerce WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or high...

The Buy one click WooCommerce WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or high...

The Tumult Hype Animations WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher ...

This CVE describes a Missing Authorization vulnerability in the Happy Addons for Elementor WordPress plugin. It allows attackers to exploit incorrectl...

CubeWP WordPress plugin versions up to 1.1.15 have a missing authorization vulnerability that allows attackers to bypass access controls and potential...

This CVE describes a Missing Authorization vulnerability in the Magazine3 PWA for WP & AMP WordPress plugin that allows attackers to exploit incorrect...

CVE-2024-44052 is a missing authorization vulnerability in the HelloAsso WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a missing authorization vulnerability in the WooCommerce Multilingual & Multicurrency WordPress plugin that allows attackers to exp...

This CVE describes a Missing Authorization vulnerability in the WP Free SSL WordPress plugin. It allows attackers to perform actions without proper au...

This CVE describes a Missing Authorization vulnerability in the BearDev JoomSport WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a missing authorization vulnerability in the GeoDirectory WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in the GetPaid WordPress plugin that allows attackers to bypass access controls and perform u...

This CVE describes a Missing Authorization vulnerability in the Order Tracking WordPress plugin that allows unauthorized users to access functionality...

This CVE describes a missing authorization vulnerability in the Envira Photo Gallery WordPress plugin that allows attackers to bypass access controls....

This vulnerability allows attackers to bypass authorization controls in the Asset CleanUp: Page Speed Booster WordPress plugin, potentially accessing ...

This CVE describes a Missing Authorization vulnerability in the Jordy Meow Photo Engine WordPress plugin that allows attackers to bypass access contro...

This CVE describes a Missing Authorization vulnerability in the WordPress Clone plugin (Migrate Clone) that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in the WordPress Flash & HTML5 Video plugin by bPlugins LLC. It allows attackers to bypass ac...

This CVE describes a Missing Authorization vulnerability in Zaytech's Smart Online Order for Clover WordPress plugin. It allows attackers to bypass ac...

This CVE describes a Missing Authorization vulnerability in the WP Search Analytics WordPress plugin that allows attackers to exploit incorrectly conf...

This CVE describes a missing authorization vulnerability in the Easy Digital Downloads WordPress plugin that allows attackers to bypass access control...

This vulnerability allows unauthorized users to access administrative functions in the Advanced Cron Manager WordPress plugin due to missing authoriza...

This CVE describes a Missing Authorization vulnerability in the Aruba HiSpeed Cache WordPress plugin that allows attackers to exploit incorrectly conf...

This CVE describes a Missing Authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to bypass access controls. ...

This CVE describes a Missing Authorization vulnerability in the Seraphinite Post .DOCX Source WordPress plugin that allows attackers to exploit incorr...

CVE-2024-38714 is a missing authorization vulnerability in the WP Fast Total Search WordPress plugin that allows attackers to bypass access controls a...

This CVE describes a Missing Authorization vulnerability in the Brainstorm Force Spectra WordPress plugin, allowing attackers to exploit incorrectly c...

This CVE describes a Missing Authorization vulnerability in the Post Grid WordPress plugin by RadiusTheme, allowing exploitation of incorrectly config...

This CVE describes a missing authorization vulnerability in the Business One Page WordPress theme that allows attackers to exploit incorrectly configu...

This CVE describes a missing authorization vulnerability in the Church Admin WordPress plugin that allows attackers to bypass access controls and perf...

This CVE describes a missing authorization vulnerability in the WordPress Page Builder Sandwich plugin that allows attackers to exploit incorrectly co...

This CVE describes a Missing Authorization vulnerability in the PropertyHive WordPress plugin that allows attackers to exploit incorrectly configured ...

This CVE describes a Missing Authorization vulnerability in the Woocommerce Customers Order History WordPress plugin that allows attackers to bypass a...

This vulnerability allows attackers to bypass authorization controls in Envira Photo Gallery WordPress plugin, potentially enabling unauthorized actio...

The Download Monitor WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to ret...

This CVE describes a Missing Authorization vulnerability in Mondula GmbH's Multi Step Form WordPress plugin that allows attackers to bypass access con...

This vulnerability in JetBrains Hub allows authenticated users to generate permanent authentication tokens for services they shouldn't have access to....

The Download Monitor WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or higher t...

The Editorial Assistant by Sovrn WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or h...

The WooCommerce UPS Shipping plugin for WordPress has a missing capability check that allows authenticated users with Subscriber-level access or highe...

ProfileGrid WordPress plugin versions up to 5.9.3 have a missing authorization vulnerability that allows attackers to perform unauthorized actions. Th...

This vulnerability allows unauthorized users to modify post ordering in WordPress sites using the Simple Custom Post Order plugin. Attackers can explo...

This vulnerability allows subscribers (low-privileged users) in WordPress to dismiss admin notices they shouldn't have access to, due to broken access...