CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7706 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-12542			2026-04-15	8.6 High
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
CVE-2024-12618	2 Newsletter2go, Wordpress	2 Newsletter2go, Wordpress	2026-04-15	4.3 Medium
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles.
CVE-2025-23778			2026-04-15	N/A
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through <= 1.3.2.
CVE-2024-32797			2026-04-15	5.4 Medium
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.
CVE-2025-49288			2026-04-15	N/A
Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through <= 1.3.5.
CVE-2023-49817	1 Woocommerce	1 Checkout Field Editor	2026-04-15	8.2 High
Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flexible Woocommerce Checkout Field Editor: from n/a through 2.0.1.
CVE-2025-49293			2026-04-15	N/A
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through <= 2.6.8.2.
CVE-2025-46489			2026-04-15	N/A
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through <= 2.1.
CVE-2024-55998			2026-04-15	N/A
Missing Authorization vulnerability in Eric Sloan Popup Surveys & Polls for WordPress (Mare.io) popup-surveys allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through <= 1.36.
CVE-2025-46519			2026-04-15	N/A
Missing Authorization vulnerability in M.Code Media Library Downloader media-library-downloader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Downloader: from n/a through <= 1.3.1.
CVE-2024-54269	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Ninja Team Notibar notibar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notibar: from n/a through <= 2.1.4.
CVE-2025-57899	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Compress: from n/a through <= 6.50.54.
CVE-2023-28492			2026-04-15	4.3 Medium
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through 1.4.10.
CVE-2023-51498			2026-04-15	5.3 Medium
Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3.
CVE-2025-32593			2026-04-15	N/A
Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Product Frontend for WooCommerce: from n/a through <= 1.0.8.
CVE-2025-49320			2026-04-15	N/A
Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FraudLabs Pro for WooCommerce: from n/a through <= 2.22.11.
CVE-2023-52183			2026-04-15	5.4 Medium
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3.
CVE-2025-32624	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery.This issue affects Czater.pl – live chat i telefon: from n/a through <= 1.0.5.
CVE-2022-47604	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.
CVE-2025-49324			2026-04-15	N/A
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.60.

« first previous Page 117 of 386. next last »