CWE-862: Missing Authorization

This vulnerability allows authenticated attackers with at least Contributor-level access in WordPress to modify arbitrary site options, potentially es...

CVE-2025-24734 is a missing authorization vulnerability in the CodeSolz Better Find and Replace WordPress plugin that allows authenticated attackers w...

The Zox News WordPress theme has a vulnerability allowing authenticated users with Subscriber-level access or higher to modify arbitrary site options ...

The WordPress WebinarPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or higher ...

This vulnerability in the WordPress WebinarPress plugin allows authenticated attackers with subscriber-level access or higher to create arbitrary file...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary code on the server. It affects sit...

The Croma Music WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to mo...

This vulnerability in the SMS Alert Order Notifications WooCommerce plugin allows authenticated attackers with subscriber-level access or higher to mo...

CVE-2023-47179 is a missing authorization vulnerability in ByConsole WooODT Lite WordPress plugin that allows attackers to modify arbitrary site optio...

This vulnerability allows attackers to escalate privileges in Webful Creations Computer Repair Shop WordPress plugin due to missing authorization chec...

This CVE describes a Missing Authorization vulnerability in the Userpro WordPress plugin by DeluxeThemes. It allows authenticated users to update arbi...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload arbitrary files to the server due to missing ...

This vulnerability in the Custom Login Page Styler WordPress plugin allows authenticated attackers with Subscriber-level access or higher to escalate ...

This CVE describes a Missing Authorization vulnerability in the WPLMS WordPress plugin by VibeThemes that allows attackers to access functionality not...

The CRM WordPress Plugin – RepairBuddy plugin for WordPress has a privilege escalation vulnerability that allows authenticated attackers with subscr...

This CVE describes a missing authorization vulnerability in the Quietly Insights WordPress plugin that allows authenticated attackers to update arbitr...

This CVE describes a Missing Authorization vulnerability in CleanTalk's WordPress anti-spam plugin that allows attackers to bypass access controls and...

The de:branding WordPress plugin has a privilege escalation vulnerability that allows authenticated users with subscriber-level access or higher to mo...

The AI Quiz WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to modify...

The AllAccessible WordPress plugin up to version 1.3.4 has a missing capability check that allows authenticated users with Subscriber-level access or ...

The Victure RX1800 WiFi 6 Router has Telnet enabled by default with a root account that requires no password, allowing attackers on the local network ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify certain WordPress options, potentially escala...

The PostX WordPress plugin (versions up to 4.1.16) allows authenticated attackers with Subscriber-level access or higher to install and activate arbit...

This vulnerability in Jenkins Shared Library Version Override Plugin allows attackers with Item/Configure permission on a folder to bypass the Script ...

The GPX Viewer WordPress plugin allows authenticated attackers with subscriber-level access or higher to create arbitrary files on the server due to m...

The Th Shop Mania WordPress theme has a vulnerability that allows authenticated users with Subscriber-level access or higher to install arbitrary plug...

This CVE describes a Missing Authorization vulnerability in the WordPress Login As Users plugin that allows attackers to bypass access controls and im...

This CVE describes a Missing Authorization vulnerability in the Hercules Core WordPress plugin that allows authenticated users with subscriber-level p...

The Masteriyo LMS WordPress plugin has an authorization vulnerability that allows authenticated users with student-level access or higher to modify us...

This vulnerability in the Essential Addons for Elementor WordPress plugin allows attackers with access to the Elementor page builder to create registr...

This vulnerability in Oracle BI Publisher allows authenticated attackers with low privileges to gain complete control over the system via HTTP request...

This vulnerability in the WP Extended WordPress plugin allows authenticated attackers with Subscriber-level access or higher to modify arbitrary WordP...

The WooCommerce Google Feed Manager WordPress plugin has a vulnerability that allows authenticated users with Contributor-level access or higher to de...

The FundEngine WordPress plugin allows authenticated attackers with subscriber-level access or higher to escalate their privileges to administrator. T...

This vulnerability in Windows Text Services Framework allows an attacker to gain SYSTEM-level privileges on affected Windows systems. It affects Windo...

An unprotected WebSocket connection in stitionai/devika allows malicious websites to connect to the backend and issue commands as the authenticated us...

This CVE describes a Missing Authorization vulnerability in the Bill Minozzi WP Tools WordPress plugin. It allows attackers to perform unauthorized ac...

This CVE-2023-46148 is a Missing Authorization vulnerability in the Themify Ultra WordPress theme that allows authenticated users to change arbitrary ...

This CVE describes a Missing Authorization vulnerability in the XStore WordPress theme that allows attackers to modify arbitrary WordPress options wit...

This CVE describes a Missing Authorization vulnerability in the Finale Lite WordPress plugin that allows authenticated users with subscriber-level per...

This CVE describes a Missing Authorization vulnerability in the NextMove Lite WordPress plugin that allows authenticated users with subscriber-level p...

This vulnerability in Tutor LMS Pro WordPress plugin allows authenticated attackers with subscriber-level permissions or higher to bypass authorizatio...

This vulnerability allows authenticated attackers to bypass authorization checks in NETGEAR ProSAFE Network Management System's createUser function, e...

The WP Datepicker WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to modify...

This CVE describes a Missing Authorization vulnerability in the Undsgn Uncode Core WordPress plugin that allows attackers to escalate privileges. Atta...

This vulnerability in Jenkins docker-build-step Plugin allows attackers with Overall/Read permission to connect to arbitrary TCP or Unix socket URLs a...

This vulnerability allows unauthenticated attackers to modify captive portal configurations on Peplink Balance Two routers. Attackers can change porta...

CVE-2023-48375 is an authorization bypass vulnerability in SmartStar Software CWS web integration platform where authenticated normal users can execut...

This vulnerability allows an attacker who can log into affected NEC clustering software to execute arbitrary commands with potentially elevated privil...

The WP EXtra plugin for WordPress versions up to 6.2 has a missing capability check in the register() function, allowing authenticated attackers with ...