CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Total 5352 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-30945	1 Taskbuilder	1 Taskbuilder	2025-06-24	5.3 Medium
Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3.
CVE-2025-1233	1 Althemist	1 Lafka Plugin	2025-06-24	4.3 Medium
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site.
CVE-2025-49969			2025-06-23	4.3 Medium
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2.
CVE-2025-49970			2025-06-23	4.3 Medium
Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE Blog: from n/a through 1.0.6.
CVE-2025-49971			2025-06-23	4.3 Medium
Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eDS Responsive Menu: from n/a through 1.2.
CVE-2025-49973			2025-06-23	4.3 Medium
Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through 1.0.9.
CVE-2025-49974			2025-06-23	4.3 Medium
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0.
CVE-2025-49976			2025-06-23	4.3 Medium
Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7.
CVE-2025-49979			2025-06-23	4.3 Medium
Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.1.
CVE-2025-49980			2025-06-23	4.3 Medium
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6.
CVE-2025-49981			2025-06-23	4.3 Medium
Missing Authorization vulnerability in mahabub81 User Roles and Capabilities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Roles and Capabilities: from n/a through 1.2.6.
CVE-2025-50034			2025-06-23	6.5 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through 1.4.1.
CVE-2025-49990			2025-06-23	5.3 Medium
Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4.
CVE-2025-49991			2025-06-23	5.3 Medium
Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14.
CVE-2025-49997			2025-06-23	5.3 Medium
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17.
CVE-2025-49998			2025-06-23	5.4 Medium
Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5.
CVE-2025-50009			2025-06-23	5.4 Medium
Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3.
CVE-2025-49987			2025-06-23	5.3 Medium
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13.
CVE-2025-49986			2025-06-23	5.3 Medium
Missing Authorization vulnerability in thanhtungtnt Video List Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Video List Manager: from n/a through 1.7.
CVE-2025-49989			2025-06-23	5.3 Medium
Missing Authorization vulnerability in App Cheap App Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Builder: from n/a through 5.5.3.

« first previous Page 49 of 268. next last »