Filtered by CWE-862
Total 5367 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-47557 2025-01-02 4.3 Medium
Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through 7.2.
CVE-2023-47647 2025-01-02 4.3 Medium
Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6.
CVE-2023-47661 2025-01-02 5.4 Medium
Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from n/a through 1.0.2.
CVE-2024-56236 2025-01-02 4.3 Medium
Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through 2.4.0.
CVE-2024-56253 2025-01-02 5.4 Medium
Missing Authorization vulnerability in supsystic.com Data Tables Generator by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.36.
CVE-2023-48775 2024-12-31 5.3 Medium
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.
CVE-2024-56031 2024-12-31 6.5 Medium
Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Shopify Product: from n/a through 1.0.2.
CVE-2023-47874 1 Perfmatters 1 Perfmatters 2024-12-31 5.4 Medium
Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.
CVE-2024-56002 2024-12-31 6.4 Medium
Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey & Form Builder – MightyForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form, Survey & Form Builder – MightyForms: from n/a through 1.3.9.
CVE-2024-56215 2024-12-31 4.3 Medium
Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0.
CVE-2024-56061 2024-12-31 8.8 High
Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119.
CVE-2023-50850 2024-12-31 4.3 Medium
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
CVE-2024-55995 2024-12-31 6.5 Medium
Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7.
CVE-2024-51667 2024-12-31 4.3 Medium
Missing Authorization vulnerability in David de Boer Paytium.This issue affects Paytium: from n/a through 4.4.10.
CVE-2024-49686 2024-12-31 5.4 Medium
Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4.
CVE-2023-35149 1 Jenkins 1 Digital.ai App Management Publisher 2024-12-30 6.5 Medium
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
CVE-2020-36696 1 Tychesoftwares 1 Product Input Fields For Woocommerce 2024-12-28 7.5 High
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.
CVE-2020-36697 1 Appsaloon 1 Wp Gdpr 2024-12-28 7.3 High
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.
CVE-2021-4339 1 Stylemixthemes 1 Ulisting 2024-12-28 7.5 High
The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database.
CVE-2021-4341 1 Stylemixthemes 1 Ulisting 2024-12-28 9.8 Critical
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.