CWE-862: Missing Authorization

The SendGrid for WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher to delete the ...

This vulnerability in the Paytium WordPress plugin allows authenticated attackers with subscriber-level access to verify the existence of a Mollie pay...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to deactivate the Multiline files upload for contact fo...

The Order Attachments for WooCommerce WordPress plugin versions 2.0 to 2.4.1 has a missing capability check on the wcoa_add_attachment AJAX action, al...

The ImagePress – Image Gallery WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or h...

The Notification for Telegram WordPress plugin versions up to 3.3.1 contain an authorization bypass vulnerability that allows authenticated users with...

The Soumettre.fr WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or higher to di...

The Download Monitor WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to ena...

The Easy Mega Menu Plugin for WordPress has a missing capability check on AJAX functions, allowing authenticated users with subscriber-level access or...

This vulnerability in the HTML5 Video Player WordPress plugin allows authenticated attackers with Subscriber-level access or higher to modify plugin s...

This vulnerability in SAP for Oil & Gas (Transportation and Distribution) allows authenticated non-administrative users to delete non-sensitive entrie...

This vulnerability in SAP's RFC-enabled function module allows low-privileged users to add URLs to any user's workplace favorites. This enables attack...

This vulnerability in SAP's RFC-enabled function module allows low-privileged users to read any user's workplace favorites and user menu data, includi...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify plugin settings and forms without proper auth...

This vulnerability in OpenStack Ironic and ironic-python-agent allows authenticated users to craft malicious images that could trigger unexpected beha...

The HelloAsso WordPress plugin has an authorization vulnerability where authenticated users with Contributor-level access or higher can modify plugin ...

The Geo Controller WordPress plugin has insufficient access controls that allow authenticated users with Subscriber-level permissions or higher to cre...

CVE-2024-39591 is an authorization bypass vulnerability in SAP Document Builder where a specific function module lacks proper authorization checks. Th...

This vulnerability in SAP Student Life Cycle Management (SLcM) allows authenticated users to bypass authorization checks and delete non-sensitive repo...

The Orchid Store WordPress theme has a missing capability check that allows authenticated users with Subscriber-level access or higher to activate the...

This vulnerability in the WordPress Sync Post With Other Site plugin allows authenticated attackers with Subscriber-level access or higher to create d...

This vulnerability in XWiki Platform allows users with view-only permissions on a page to delete and replace it with new content, bypassing edit and d...

The Tutor LMS Migration Tool WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access o...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to modify plugin settings without proper authorization...

The YITH Essential Kit for WooCommerce #1 WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscribe...

The Duplica WordPress plugin has a missing capability check vulnerability that allows authenticated attackers with Subscriber-level access or higher t...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to perform unauthorized API operations in the Email Sub...

This vulnerability in the Eventin WordPress plugin allows authenticated attackers with Contributor-level access or higher to import unauthorized data ...

CVE-2024-39596 is a missing authorization vulnerability in SAP Enable Now that allows authenticated authors to escalate privileges and access restrict...

CVE-2024-37175 is a missing authorization vulnerability in SAP CRM WebClient that allows authenticated users to escalate privileges and access sensiti...

This CVE describes a Missing Authorization vulnerability in the WordPress EmbedPress plugin that allows unauthorized users to perform actions they sho...

The Hide Dashboard Notifications WordPress plugin has a missing capability check vulnerability that allows authenticated users with contributor-level ...

This CVE describes a Missing Authorization vulnerability in the Wpmet Elements Kit Elementor addons plugin for WordPress. It allows unauthorized users...

This CVE describes a missing authorization vulnerability in the Avada WordPress theme that allows authenticated users to perform actions they shouldn'...

This CVE describes a Missing Authorization vulnerability in Automattic's Jetpack WordPress plugin that allows contributors to perform actions they sho...

This vulnerability allows guest users in JetBrains YouTrack to attach files to articles, which should be restricted. It affects YouTrack instances wit...

CVE-2023-51376 is a missing authorization vulnerability in the ProjectHuddle Client Site WordPress plugin that allows unauthorized users to access fun...

CVE-2023-35045 is a missing authorization vulnerability in the Fat Rat Collect WordPress plugin that allows unauthorized users to access functionality...

CVE-2023-51524 is a missing authorization vulnerability in the weForms WordPress plugin that allows unauthorized users to access form submission data ...

CVE-2023-47828 is a missing authorization vulnerability in the wpMandrill WordPress plugin that allows unauthorized users to access certain administra...

This CVE describes a Missing Authorization (Broken Access Control) vulnerability in the ProfileGrid WordPress plugin. It allows unauthorized users to ...

This CVE describes a Missing Authorization vulnerability in the FunnelKit Checkout WordPress plugin that allows authenticated users to activate arbitr...

This CVE describes a Missing Authorization vulnerability in the WordPress Simple Staff List plugin that allows unauthorized users to access restricted...

This CVE describes a Missing Authorization vulnerability in the Aspose.Words Exporter WordPress plugin that allows unauthorized users to access functi...

This CVE describes a Missing Authorization vulnerability in the Revolut Gateway for WooCommerce WordPress plugin. It allows unauthorized users to acce...

This CVE describes a Missing Authorization vulnerability in the ACF Photo Gallery Field WordPress plugin. It allows unauthorized users to access or mo...

This CVE describes a missing authorization vulnerability in the Soliloquy Slider WordPress plugin that allows unauthorized users to access functionali...

This CVE describes a Missing Authorization vulnerability in the WP Discourse WordPress plugin that allows unauthorized users to perform actions intend...

This CVE describes a Missing Authorization vulnerability in the Photo Gallery by 10Web WordPress plugin. It allows unauthorized users to perform actio...

This CVE describes a Missing Authorization vulnerability in the SportsPress WordPress plugin that allows unauthorized users to perform actions they sh...