CWE-862: Missing Authorization

This CVE describes a Missing Authorization vulnerability in the Userpro WordPress plugin by DeluxeThemes. It allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Bit Assist WordPress plugin that allows attackers to bypass access controls. It affect...

This CVE describes a missing authorization vulnerability in the WP Adminify WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a missing authorization vulnerability in the WP Adminify WordPress plugin that allows attackers to bypass access controls and perfo...

This CVE describes a Missing Authorization vulnerability in the Trustindex Widgets for Social Photo Feed WordPress plugin. It allows attackers to expl...

This CVE describes a Missing Authorization vulnerability in the Funnelforms Free WordPress plugin that allows attackers to bypass access controls. Att...

This CVE describes a missing authorization vulnerability in the WP Document Revisions WordPress plugin that allows attackers to bypass access controls...

This CVE describes a missing authorization vulnerability in the Cooked WordPress plugin that allows attackers to bypass access controls. It affects al...

This CVE describes a Missing Authorization vulnerability in the SALESmanago WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a Missing Authorization vulnerability in the Spider Themes BBP Core WordPress plugin that allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Wappointment WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in the Virusdie WordPress plugin that allows attackers to bypass access controls. Attackers c...

This CVE describes a Missing Authorization vulnerability in the WP Time Slots Booking Form WordPress plugin that allows attackers to bypass access con...

This CVE describes a Missing Authorization vulnerability in the WpStream WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a Missing Authorization vulnerability in the WpStream WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a missing authorization vulnerability in the icc0rz H5P WordPress plugin that allows attackers to bypass access controls. It affect...

The Demo Importer Plus WordPress plugin has a critical vulnerability that allows authenticated attackers with Subscriber-level access or higher to tri...

The Postem Ipsum WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to c...

CVE-2021-47701 is a privilege escalation vulnerability in OpenBMCS 2.4 that allows authenticated users with read-only permissions to elevate their pri...

This CVE describes a missing authorization vulnerability in the Webba Booking WordPress plugin that allows attackers to bypass access controls. Attack...

This CVE describes a Missing Authorization vulnerability in Mikado-Themes Powerlift WordPress theme that allows attackers to bypass access controls. I...

This CVE describes a Missing Authorization vulnerability in the Elated-Themes The Aisle WordPress theme that allows attackers to bypass access control...

This CVE describes a missing authorization vulnerability in the WordPress Photo Block plugin that allows attackers to bypass access controls. Attacker...

This CVE describes a Missing Authorization vulnerability in the Virtuaria PagBank/PagSeguro para Woocommerce WordPress plugin that allows attackers to...

This CVE describes a Missing Authorization vulnerability in the ConveyThis WordPress translation plugin that allows attackers to bypass access control...

This CVE describes a missing authorization vulnerability in the WordPress Quick Interest Slider plugin that allows attackers to bypass access controls...

The Realty Portal WordPress plugin versions 0.1 to 0.4.1 contain a missing capability check vulnerability that allows authenticated users with Subscri...

This CVE describes a Missing Authorization vulnerability in the VikBooking Hotel Booking Engine & PMS WordPress plugin. It allows attackers to bypass ...

This CVE describes a missing authorization vulnerability in the WordPress Backup and Move plugin that allows attackers to bypass access controls. Atta...

This CVE describes a Missing Authorization vulnerability in the bPlugins Image Gallery WordPress plugin (versions up to 1.0.7). It allows attackers to...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to install arbitrary plugin packages from crafted URLs,...

CVE-2025-64349 is an access control vulnerability in ELOG that allows authenticated users to modify other users' profiles. An attacker can change a ta...

Nagios XI versions before 2024R1 have a missing access control vulnerability in the Web SSH Terminal. Remote attackers with low privileges can access ...

This CVE describes a Missing Authorization vulnerability in the MDZ Persian Admin Fonts WordPress plugin that allows attackers to bypass access contro...

This CVE describes a missing authorization vulnerability in the QuantumCloud ChatBot WordPress plugin that allows attackers to bypass access controls....

This CVE describes a missing authorization vulnerability in the Revive Old Posts WordPress plugin (also known as tweet-old-post) that allows attackers...

This CVE describes a Missing Authorization vulnerability in the Everest Backup WordPress plugin that allows attackers to bypass access controls and po...

This vulnerability allows attackers to bypass authorization controls in the Post Grid and Gutenberg Blocks WordPress plugin, potentially accessing or ...

This CVE describes a Missing Authorization vulnerability in the WordPress Testimonial Slider plugin that allows attackers to bypass access controls. A...

This CVE describes a Missing Authorization vulnerability in the Microsoftstart MSN Partner Hub WordPress plugin that allows attackers to bypass access...

This CVE describes a Missing Authorization vulnerability in the IgnitionDeck WordPress plugin that allows attackers to bypass access controls. Attacke...

This CVE describes a Missing Authorization vulnerability in King Addons for Elementor WordPress plugin that allows attackers to bypass access controls...

The Classified Pro WordPress theme allows authenticated users with subscriber-level access or higher to install arbitrary plugins due to a missing cap...

The GSheetConnector For Gravity Forms WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level...

This vulnerability allows authenticated users in the AiKaan IoT Platform to assign themselves as administrators of other departments, bypassing proper...

A sandbox bypass vulnerability in Apple's macOS and iOS/iPadOS allows shortcuts to escape security restrictions. This affects users running vulnerable...

This CVE describes a sandbox escape vulnerability in Apple's mobile operating systems where an app can bypass its security restrictions. It affects iO...

The Time Tracker WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher ...

The My WP Translate WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher t...

This CVE describes a missing authorization vulnerability in Ivanti security products that allows authenticated users with read-only admin privileges t...