CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Total 5310 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-48273	1 Wordpress	1 Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through 1.2.2.
CVE-2022-45841	2 Robosoft, Wordpress	2 Robo Gallery, Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.
CVE-2024-13719	1 Wordpress	1 Wordpress	2025-07-12	5.3 Medium
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.
CVE-2024-49694	1 Wordpress	1 Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in imw3 My Wp Brand – Hide menu & Hide Plugin.This issue affects My Wp Brand – Hide menu & Hide Plugin: from n/a through 1.1.2.
CVE-2025-47601	1 Wordpress	1 Wordpress	2025-07-12	8.8 High
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0.
CVE-2023-47225	2 Kaizencoders, Wordpress	2 Short Url, Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in KaizenCoders Short URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through 1.6.8.
CVE-2025-23963	1 Wordpress	1 Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through 2.2.3.
CVE-2024-56004	1 Wordpress	1 Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through 1.0.1.
CVE-2025-28920	1 Wordpress	1 Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5.
CVE-2023-27428	1 Wordpress	1 Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3.
CVE-2024-12881	1 Wordpress	1 Wordpress	2025-07-12	8.8 High
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files leveraging files included locally.
CVE-2024-54256	1 Wordpress	1 Wordpress	2025-07-12	7.1 High
Missing Authorization vulnerability in Seerox Easy Blocks pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Easy Blocks pro: from n/a through 1.0.21.
CVE-2025-22302	1 Wordpress	1 Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5.
CVE-2024-31281	1 Wordpress	1 Wordpress	2025-07-12	6.3 Medium
Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6.
CVE-2024-49687	2 Storeapps, Wordpress	2 Smart Manager, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in StoreApps Smart Manager.This issue affects Smart Manager: from n/a through 8.45.0.
CVE-2023-37887	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through 2.2.7.
CVE-2024-56067	1 Wordpress	1 Wordpress	2025-07-12	7.5 High
Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.
CVE-2025-31831	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6.
CVE-2023-46610	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Missing Authorization vulnerability in quillforms.com Quill Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quill Forms: from n/a through 3.3.0.
CVE-2024-50052	1 Mattermost	1 Mattermost	2025-07-12	4.3 Medium
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.

« first previous Page 34 of 266. next last »