CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 6618 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-26372	1 Q-free	1 Maxtime	2025-07-13	7.1 High
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
CVE-2025-2719	2 Hasthemes, Wordpress	2 Swatchly, Wordpress	2025-07-13	6.5 Medium
The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.
CVE-2025-31415	2 Wordpress, Yaycommerce	2 Wordpress, Yayextra	2025-07-13	7.6 High
Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2.
CVE-2025-31539	2 Blocksera, Wordpress	2 Cryptocurrency Widgets Pack, Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1.
CVE-2025-31628	2 Slicedinvoices, Wordpress	2 Sliced Invoices, Wordpress	2025-07-13	5.3 Medium
Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4.
CVE-2025-32544	1 Woocommerce	1 Woocommerce	2025-07-13	7.5 High
Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WooCommerce Loyal Customers: from n/a through 2.6.
CVE-2024-55991	2 Wordpress, Wp-crm	2 Wordpress, Wp-crm System	2025-07-13	6.5 Medium
Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through 3.2.9.1.
CVE-2024-56294	2 Posimyth, Wordpress	2 Nexter Blocks, Wordpress	2025-07-13	6.4 Medium
Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through 4.0.7.
CVE-2025-24642	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2.
CVE-2023-36512	2 Woo, Wordpress	2 Automatewoo, Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5.
CVE-2023-34186	1 Wordpress	1 Wordpress	2025-07-13	5.3 Medium
Missing Authorization vulnerability in Imran Sayed Headless CMS.This issue affects Headless CMS: from n/a through 2.0.3.
CVE-2023-47830	1 Wordpress	1 Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0.
CVE-2025-31830	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Uriahs Victor Printus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printus: from n/a through 1.2.6.
CVE-2024-34378	1 Wordpress	1 Wordpress	2025-07-12	8.6 High
Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7.
CVE-2025-46535	2 Alphaefficiencyteam, Wordpress	2 Custom Login And Registration, Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
CVE-2023-40608	1 Wordpress	1 Wordpress	2025-07-12	8.2 High
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.
CVE-2024-33919	1 Rometheme	1 Romethemekit For Elementor	2025-07-12	6.5 Medium
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
CVE-2025-22665	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4.
CVE-2025-48275	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3.
CVE-2024-11918	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data\| due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the alt text on arbitrary images.

« first previous Page 97 of 331. next last »