CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 5374 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-3701	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through 16.8.
CVE-2025-9219	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_post_smtp_pro_option_callback' function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable pro extensions.
CVE-2025-58210	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5.
CVE-2025-6685			2025-09-04	N/A
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647.
CVE-2025-58600	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.
CVE-2025-58616	1 Wordpress	1 Wordpress	2025-09-04	6.5 Medium
Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1.
CVE-2025-58622	2 Wordpress, Yydevelopment	2 Wordpress, Mobile Contact Line Plugin	2025-09-04	4.3 Medium
Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0.
CVE-2025-58613	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10.
CVE-2025-58617	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects F4 Media Taxonomies: from n/a through 1.1.4.
CVE-2025-58634	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4.
CVE-2025-8268	1 Wordpress	1 Wordpress	2025-09-04	6.5 Medium
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
CVE-2025-58639	2 Contact Form By Mega Forms Project, Wordpress	2 Contact Form By Mega Forms, Wordpress	2025-09-04	5.4 Medium
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from n/a through 1.6.1.
CVE-2025-58635	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23.
CVE-2025-58594	2 Brizy, Wordpress	2 Brizy, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
CVE-2025-58599	2 Tychesoftwares, Wordpress	2 Order Delivery Date For Woocommerce, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through 4.1.0.
CVE-2025-58601	2 Radiustheme, Wordpress	2 Classified Listing, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.
CVE-2025-58603	2 Surfer, Wordpress	2 Surfer Plugin, Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574.
CVE-2025-58606	2 Cozythemes, Wordpress	2 Saaslauncher, Wordpress	2025-09-04	5 Medium
Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0.
CVE-2024-38353	1 Hackmd	1 Codimd	2025-09-04	5.3 Medium
CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images and the likelihood of this issue being exploited is increased. This vulnerability is fixed in 2.5.4.
CVE-2024-45168	1 Uci	2 Idol2, Idol 2	2025-09-03	9.1 Critical
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable.

« first previous Page 6 of 269. next last »