Filtered by CWE-862
Total 5245 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-53318 1 Wordpress 1 Wordpress 2025-07-13 5.4 Medium
Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1.
CVE-2025-52817 1 Wordpress 1 Wordpress 2025-07-13 8.2 High
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0.
CVE-2025-52824 1 Wordpress 1 Wordpress 2025-07-13 8.8 High
Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6.
CVE-2025-53266 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0.
CVE-2025-53284 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1.
CVE-2025-50039 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Missing Authorization vulnerability in vgwort VG WORT METIS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VG WORT METIS: from n/a through 2.0.0.
CVE-2025-47565 1 Wordpress 1 Wordpress 2025-07-13 6.3 Medium
Missing Authorization vulnerability in ashanjay EventON allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventON: from n/a through 4.9.9.
CVE-2025-47634 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through 1.8.9.
CVE-2025-29007 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in LMSACE LMSACE Connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LMSACE Connect: from n/a through 3.4.
CVE-2025-30929 1 Wordpress 1 Wordpress 2025-07-13 5.3 Medium
Missing Authorization vulnerability in amazewp fluXtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through 1.6.0.
CVE-2025-42986 1 Sap 2 Abap Platform, Netweaver 2025-07-13 4.3 Medium
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
CVE-2025-42953 1 Sap 1 Netweaver 2025-07-13 8.1 High
SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
CVE-2024-24799 2 Woocommerce, Wordpress 2 Woocommerce Box Office, Wordpress 2025-07-13 6.5 Medium
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2.
CVE-2025-26920 1 Wordpress 1 Wordpress 2025-07-13 5.4 Medium
Missing Authorization vulnerability in PressMaximum Customify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through 0.4.8.
CVE-2023-49861 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in socialmediafeather Social Media Feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through 2.1.3.
CVE-2024-10783 2 Mainwp, Wordpress 2 Mainwp Child, Wordpress 2025-07-13 8.1 High
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch.
CVE-2023-47838 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4.1.
CVE-2024-51660 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in Zakaria Binsaifullah Easy Accordion Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Accordion Gutenberg Block: from n/a through 1.2.3.
CVE-2025-29013 1 Wordpress 1 Wordpress 2025-07-13 5.4 Medium
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9.
CVE-2025-30605 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in ldwin79 sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects sourceplay-navermap: from n/a through 0.0.2.