CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7690 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-36506			2026-04-15	5.3 Medium
Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0.
CVE-2025-31736	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
CVE-2024-31242	1 Bricksforge	1 Bricksforge	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.
CVE-2025-60096	3 Codexthemes, Elementor, Wordpress	3 Thegem, Elementor, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.
CVE-2025-64277	2 Quantumcloud, Wordpress	2 Chatbot, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.
CVE-2024-10437	2 Wordpress, Wpclever	2 Wordpress, Wpc Smart Messages For Woocommerce	2026-04-15	4.3 Medium
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages.
CVE-2024-1050			2026-04-15	4.3 Medium
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets. CVE-2024-34815 is a duplicate of this issue.
CVE-2025-66063	2 Jgwhite33, Wordpress	2 Wp Google Review Slider, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4.
CVE-2024-53806	2 Wordpress, Wpmaspik	2 Wordpress, Maspik	2026-04-15	N/A
Missing Authorization vulnerability in yonifre Maspik – Spam blacklist contact-forms-anti-spam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through <= 2.2.7.
CVE-2023-47836			2026-04-15	5.4 Medium
Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meta and Date Remover: from n/a through 2.3.0.
CVE-2025-64296	3 Facebook, Woocommerce, Wordpress	3 Facebook For Woocommerce, Woocommerce, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Facebook Facebook for WooCommerce facebook-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through <= 3.5.7.
CVE-2025-62154	2 Recorp, Wordpress	2 Ai Content Writing Assistant, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One: from n/a through <= 1.1.7.
CVE-2025-32688	2 Sovica, Wordpress	2 Target Video Easy Publish, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9.
CVE-2025-64375	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.
CVE-2025-69333	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.8.1.1.
CVE-2025-64632	2 Auctollo, Wordpress	2 Google-sitemap-generator, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.22.
CVE-2025-10352	1 Melistechnology	1 Melis Platform	2026-04-15	N/A
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
CVE-2025-64635	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
CVE-2025-42914	1 Sap	1 Fiori	2026-04-15	3.1 Low
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted.
CVE-2024-33652	1 Realbigplugins	1 Client Dash	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1.

« first previous Page 89 of 385. next last »