CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7118 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24622	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through <= 5.0.
CVE-2026-24625	2 Imaginate-solutions, Wordpress	2 File Uploads Addon For Woocommerce, Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through <= 1.7.3.
CVE-2026-0927	2 Iqonicdesign, Wordpress	2 Kivicare – Clinic & Patient Management System (ehr), Wordpress	2026-01-26	5.3 Medium
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload text files and PDF documents to the affected site's server which may be leveraged for further attacks such as hosting malicious content or phishing pages via PDF files.
CVE-2026-24561	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.
CVE-2026-24607	1 Wordpress	1 Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.
CVE-2025-14947	2 Plugins360, Wordpress	2 All-in-one Video Gallery, Wordpress	2026-01-26	6.5 Medium
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video` functions in all versions up to, and including, 4.6.4. This makes it possible for unauthenticated attackers to create and delete videos on the Bunny Stream CDN associated with the victim's account, provided they can obtain a valid nonce which is exposed in public player templates.
CVE-2023-47762	2 Wordpress, Wpdeveloper	2 Wordpress, Betterdocs	2026-01-23	4.3 Medium
Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2.
CVE-2025-30880	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	7.5 High
Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2.
CVE-2025-31868	1 Joomsky	1 Js Job Manager	2026-01-23	5.3 Medium
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2022-46838	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	9.1 Critical
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2022-46840	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	5.4 Medium
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2022-47176	1 Averta	1 Depicter Slider	2026-01-23	4.3 Medium
Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0.
CVE-2023-44258	1 Schemaapp	1 Schema App Structured Data	2026-01-23	5.3 Medium
Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1.
CVE-2023-45104	2 Wordpress, Wpdeveloper	2 Wordpress, Betterlinks	2026-01-23	7.3 High
Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0.
CVE-2023-47179	2 Byconsole, Wordpress	2 Wooodt Lite, Wordpress	2026-01-23	8.8 High
Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through 2.4.6.
CVE-2023-39994	1 Reputeinfosystems	1 Armember	2026-01-23	4.3 Medium
Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2.
CVE-2025-59968	1 Juniper	21 Junos, Junos Space, Space Security Director and 18 more	2026-01-23	8.6 High
A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices.
CVE-2024-31270	1 Reputeinfosystems	1 Arforms Form Builder	2026-01-23	7.6 High
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
CVE-2023-47788	2 Automattic, Wordpress	2 Jetpack, Wordpress	2026-01-23	4.3 Medium
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.
CVE-2025-14757	2 Stylemixthemes, Wordpress	2 Cost Calculator Builder, Wordpress	2026-01-23	5.3 Medium
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv, making it accessible to unauthenticated users, and the complete() function only verifying a nonce without checking user capabilities or order ownership. Since nonces are exposed to all visitors via window.ccb_nonces in the page source, any unauthenticated attacker can mark any order's payment status as "completed" without actual payment.

« first previous Page 43 of 356. next last »