CWE-862 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5352 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-22673	2 Wordpress, Wpfactory	2 Wordpress, Ean For Woocommerce	2025-07-13	4.3 Medium
Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through 5.3.5.
CVE-2025-22740	2 Automattic, Wordpress	2 Sensei Lms, Wordpress	2025-07-13	5.3 Medium
Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4.
CVE-2025-26372	1 Q-free	1 Maxtime	2025-07-13	7.1 High
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
CVE-2025-2719	2 Hasthemes, Wordpress	2 Swatchly, Wordpress	2025-07-13	6.5 Medium
The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.
CVE-2025-30880	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2025-07-13	7.5 High
Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2.
CVE-2025-31415	2 Wordpress, Yaycommerce	2 Wordpress, Yayextra	2025-07-13	7.6 High
Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2.
CVE-2025-31539	2 Blocksera, Wordpress	2 Cryptocurrency Widgets Pack, Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1.
CVE-2025-31628	2 Slicedinvoices, Wordpress	2 Sliced Invoices, Wordpress	2025-07-13	5.3 Medium
Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4.
CVE-2025-32544	1 Woocommerce	1 Woocommerce	2025-07-13	7.5 High
Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WooCommerce Loyal Customers: from n/a through 2.6.
CVE-2024-55991	2 Wordpress, Wp-crm	2 Wordpress, Wp-crm System	2025-07-13	6.5 Medium
Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through 3.2.9.1.
CVE-2024-56294	2 Posimyth, Wordpress	2 Nexter Blocks, Wordpress	2025-07-13	6.4 Medium
Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through 4.0.7.
CVE-2025-24642	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2.
CVE-2023-36512	2 Woo, Wordpress	2 Automatewoo, Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5.
CVE-2025-5888	1 Jsnjfz	1 Webstack-guns	2025-07-13	4.3 Medium
A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-34186	1 Wordpress	1 Wordpress	2025-07-13	5.3 Medium
Missing Authorization vulnerability in Imran Sayed Headless CMS.This issue affects Headless CMS: from n/a through 2.0.3.
CVE-2023-47830	1 Wordpress	1 Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0.
CVE-2025-31830	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Uriahs Victor Printus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printus: from n/a through 1.2.6.
CVE-2025-46535	2 Alphaefficiencyteam, Wordpress	2 Custom Login And Registration, Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
CVE-2023-40608	1 Wordpress	1 Wordpress	2025-07-12	8.2 High
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.
CVE-2024-33919	1 Rometheme	1 Romethemekit For Elementor	2025-07-12	6.5 Medium
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

« first previous Page 27 of 268. next last »