CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Total 5347 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-24588	2 Patreon, Wordpress	2 Patreon Wordpress, Wordpress	2025-07-12	6.5 Medium
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
CVE-2025-24734	2 Codesolz, Wordpress	2 Better Find And Replace, Wordpress	2025-07-12	8.8 High
Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.
CVE-2025-24751	2 Godaddy, Wordpress	2 Coblocks, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.
CVE-2025-24972	1 Discourse	1 Discourse	2025-07-12	4.3 Medium
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats.
CVE-2025-26370	1 Q-free	1 Maxtime	2025-07-12	7.1 High
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.
CVE-2025-26373	1 Q-free	1 Maxtime	2025-07-12	6.5 Medium
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26374	1 Q-free	1 Maxtime	2025-07-12	6.5 Medium
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26377	1 Q-free	1 Maxtime	2025-07-12	8.1 High
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.
CVE-2025-26995	2 Anton Vanyukov, Wordpress	2 Market Exporter, Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21.
CVE-2025-27294	2 Platcom, Wordpress	2 Wp-asambleas, Wordpress	2025-07-12	4.8 Medium
Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0.
CVE-2025-30017	1 Sap	1 Solution Manager	2025-07-12	4.4 Medium
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.
CVE-2025-30592	2 Westerndeal, Wordpress	2 Advanced Dewplayer, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer: from n/a through 1.6.
CVE-2025-30828	2 Arraytics, Wordpress	2 Timetics, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.
CVE-2025-30853	1 Shortpixel	1 Shortpixel Adaptive Images	2025-07-12	5.4 Medium
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through 3.10.0.
CVE-2025-30881	2 Themehunk, Wordpress	2 Big Store, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8.
CVE-2025-30909	2 Conversios, Wordpress	2 Conversios.io, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3.
CVE-2025-31417	2 Fahad Mahmood, Wordpress	2 Wp Docs, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a.
CVE-2025-31732	1 Gb-plugins	1 Gb Gallery Slideshow	2025-07-12	4.3 Medium
Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GB Gallery Slideshow: from n/a through 1.3.
CVE-2025-31822	2 Ashish Ajani, Wordpress	2 Wp Simple Html Sitemap, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2.
CVE-2025-31868	1 Joomsky	1 Js Job Manager	2025-07-12	5.3 Medium
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.

« first previous Page 42 of 268. next last »