CWE-862 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5801 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-8342	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2025-08-16	8.1 High
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured.
CVE-2025-55712	2 Posimyth, Wordpress	2 The Plus Addons For Elementor Page Builder Lite, Wordpress	2025-08-15	6.5 Medium
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.3.13.
CVE-2025-55716	2 Veronalabs, Wordpress	2 Wp Statistics, Wordpress	2025-08-15	4.3 Medium
Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15.
CVE-2025-54739	2 Posimyth, Wordpress	2 Nexter Blocks, Wordpress	2025-08-15	5.3 Medium
Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.5.4.
CVE-2025-54717	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2025-08-15	5.4 Medium
Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3.
CVE-2025-53221	2 Codeablepress, Wordpress	2 Codeablepress, Wordpress	2025-08-15	4.3 Medium
Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0.
CVE-2025-53341	2 Themovation, Wordpress	2 Stratus, Wordpress	2025-08-15	4.3 Medium
Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5.
CVE-2025-53343	2 Goodlayers, Wordpress	2 Modernize, Wordpress	2025-08-15	4.3 Medium
Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through 3.4.0.
CVE-2025-28962	1 Wordpress	1 Wordpress	2025-08-14	6.5 Medium
Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal Analytics: from n/a through 1.0.3.
CVE-2025-31425	1 Wordpress	1 Wordpress	2025-08-14	7.5 High
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3.
CVE-2024-12553	1 Geovision	1 Gv-asmanager	2025-08-14	N/A
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.
CVE-2025-54692	2 Wordpress, Wpswings	2 Wordpress, Membership For Woocommerce	2025-08-14	7.5 High
Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.9.0.
CVE-2025-50029	1 Wordpress	1 Wordpress	2025-08-14	6.5 Medium
Missing Authorization vulnerability in Ashish AI Tools allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Tools: from n/a through 4.0.7.
CVE-2025-50031	1 Wordpress	1 Wordpress	2025-08-14	6.5 Medium
Missing Authorization vulnerability in syedamirhussain91 DB Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a through 6.0.
CVE-2025-52801	1 Wordpress	1 Wordpress	2025-08-14	7.3 High
Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.4.
CVE-2025-52800	1 Wordpress	1 Wordpress	2025-08-14	7.3 High
Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.
CVE-2025-52785	1 Wordpress	1 Wordpress	2025-08-14	7.1 High
Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0.30.
CVE-2025-52721	2 Lcweb, Wordpress	2 Global Gallery, Wordpress	2025-08-14	6.5 Medium
Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3.
CVE-2025-49052	1 Wordpress	1 Wordpress	2025-08-14	4.3 Medium
Missing Authorization vulnerability in Dariolee Netease Music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through 3.2.1.
CVE-2025-54695	1 Wordpress	1 Wordpress	2025-08-14	5.4 Medium
Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.

« first previous Page 37 of 291. next last »