CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7683 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-10579	2 Backwpup, Wordpress	2 Backwpup, Wordpress	2026-04-15	5.3 Medium
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve access to a back-up's filename while a backup is running. This information has little value on it's own, but could be used to aid in a brute force attack to retrieve back-up contents in limited environments (i.e. NGINX).
CVE-2023-25037	2 Codepeople, Wordpress	2 Booking Calendar Contact Form, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.
CVE-2024-31366			2026-04-15	7.1 High
Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8.
CVE-2023-25048	1 Fantastic Plugins	1 Fantastic Content Protector Free	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fantastic Content Protector Free: from n/a through 2.6.
CVE-2023-46083			2026-04-15	5.3 Medium
Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27.
CVE-2023-25445	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
CVE-2023-25446	1 Wordpress	1 Wordpress	2026-04-15	7.7 High
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
CVE-2025-63038	2 Northern Beaches Websites, Wordpress	2 Wp Custom Admin Interface, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.40.
CVE-2023-25455	1 Miniorange	1 Wordpress Social Login And Register \(discord\, Google\, Twitter\, Linkedin\)	2026-04-15	5.3 Medium
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.
CVE-2023-25457	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1.
CVE-2023-27428	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3.
CVE-2023-25469	2 Magazine3, Wordpress	2 Easy Table Of Contents, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2.
CVE-2026-25388	2 Scripteo, Wordpress	2 Ads Pro, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
CVE-2023-25703	1 Essentialplugin	1 Meta Slider And Carousel With Lightbox	2026-04-15	5.3 Medium
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta slider and carousel with lightbox: from n/a through 1.6.2.
CVE-2023-25714	1 Fullworksplugins	1 Quick Paypal Payments	2026-04-15	7.5 High
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
CVE-2023-25959	2 Apollo13themes, Wordpress	2 Apollo13 Framework Extensions, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10.
CVE-2024-56070	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
CVE-2023-41951			2026-04-15	4.3 Medium
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.
CVE-2025-31611	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/a through <= 1.6.
CVE-2024-3072	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post title, content, and ACF data.

« first previous Page 80 of 385. next last »