CWE-862: Missing Authorization
7,974 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 64 of 160)
- CVE-2024-11353 MEDIUM CVSS 4.3 EG 4.3 2024-12-07
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible f…
- CVE-2024-11354 MEDIUM CVSS 4.3 EG 4.3 2024-11-21
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This…
- CVE-2024-11355 MEDIUM CVSS 4.3 EG 4.3 2024-11-22
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes i…
- CVE-2024-1136 MEDIUM CVSS 5.3 EG 5.3 2024-02-28
The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. Thi…
- CVE-2024-1137 MEDIUM CVSS 4.3 EG 4.3 2024-03-12
The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected release…
- CVE-2024-11401 MEDIUM CVSS 5.3 EG 0.0 2024-12-11
Rapid7 Insight Platform versions prior to November 13th 2024 suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings…
- CVE-2024-11423 HIGH CVSS 7.5 EG 7.5 2025-01-08
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for Wo…
- CVE-2024-11443 HIGH CVSS 8.8 EG 8.8 2024-12-12
The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. …
- CVE-2024-11496 MEDIUM CVSS 6.5 EG 6.5 2025-01-07
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for auth…
- CVE-2024-1158 MEDIUM CVSS 4.3 EG 4.3 2024-03-13
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b…
- CVE-2024-11583 MEDIUM CVSS 4.3 EG 4.3 2025-01-30
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up…
- CVE-2024-11601 HIGH CVSS 8.1 EG 8.1 2024-11-22
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, …
- CVE-2024-11643 HIGH CVSS 8.8 EG 8.8 2024-12-04
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all version…
- CVE-2024-11673 MEDIUM CVSS 4.3 EG 4.3 2024-11-25
A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be init…
- CVE-2024-1169 HIGH CVSS 7.5 EG 7.5 2024-03-07
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyform…
- CVE-2024-1170 HIGH CVSS 8.2 EG 8.2 2024-03-07
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the ha…
- CVE-2024-11709 MEDIUM CVSS 4.3 EG 4.3 2024-12-12
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. This m…
- CVE-2024-11712 MEDIUM CVSS 5.3 EG 5.3 2024-12-14
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all ver…
- CVE-2024-11715 MEDIUM CVSS 4.8 EG 4.8 2024-12-14
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and in…
- CVE-2024-11724 MEDIUM CVSS 4.3 EG 4.3 2024-12-12
The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_scri…
- CVE-2024-11725 HIGH CVSS 8.8 EG 8.8 2025-01-07
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in…
- CVE-2024-11743 MEDIUM CVSS 4.3 EG 4.3 2024-11-26
A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handle…
- CVE-2024-1175 MEDIUM CVSS 5.3 EG 5.3 2024-06-06
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This…
- CVE-2024-1176 MEDIUM CVSS 5.3 EG 5.3 2024-03-13
The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes…
- CVE-2024-1177 MEDIUM CVSS 5.3 EG 5.3 2024-02-05
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. Th…
- CVE-2024-1178 MEDIUM CVSS 5.3 EG 5.3 2024-03-05
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This m…
- CVE-2024-1181 MEDIUM CVSS 5.3 EG 5.3 2024-03-20
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine …
- CVE-2024-11816 HIGH CVSS 8.8 EG 8.8 2025-01-08
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible f…
- CVE-2024-11840 HIGH CVSS 7.1 EG 7.1 2024-12-11
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_h…
- CVE-2024-11844 MEDIUM CVSS 4.3 EG 4.3 2024-12-03
The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for a…
- CVE-2024-11848 HIGH CVSS 8.1 EG 8.1 2025-01-15
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possi…
- CVE-2024-11851 MEDIUM CVSS 4.3 EG 4.3 2025-01-15
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible f…
- CVE-2024-11852 MEDIUM CVSS 4.3 EG 4.3 2024-12-22
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function…
- CVE-2024-11911 MEDIUM CVSS 4.3 EG 4.3 2024-12-13
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it po…
- CVE-2024-11916 HIGH CVSS 7.4 EG 7.4 2025-01-08
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. T…
- CVE-2024-11918 MEDIUM CVSS 4.3 EG 4.3 2024-11-28
The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.…
- CVE-2024-11926 MEDIUM CVSS 6.5 EG 6.5 2024-12-18
The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 's…
- CVE-2024-11929 MEDIUM CVSS 6.4 EG 6.4 2025-01-09
The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() function in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output …
- CVE-2024-11936 HIGH CVSS 8.8 EG 8.8 2025-01-26
The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and i…
- CVE-2024-12006 MEDIUM CVSS 5.3 EG 5.3 2025-01-14
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attac…
- CVE-2024-12018 MEDIUM CVSS 4.3 EG 4.3 2024-12-12
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leake…
- CVE-2024-12026 MEDIUM CVSS 4.3 EG 4.3 2024-12-07
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possibl…
- CVE-2024-12027 MEDIUM CVSS 4.3 EG 4.3 2024-12-06
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3.…
- CVE-2024-12028 MEDIUM CVSS 5.3 EG 5.3 2024-12-06
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send…
- CVE-2024-12033 MEDIUM CVSS 4.3 EG 4.3 2025-01-07
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers…
- CVE-2024-12071 MEDIUM CVSS 5.3 EG 5.3 2025-01-18
The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versio…
- CVE-2024-12104 MEDIUM CVSS 5.3 EG 5.3 2025-01-21
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versio…
- CVE-2024-12110 MEDIUM CVSS 4.3 EG 4.3 2024-12-06
The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it…
- CVE-2024-12113 MEDIUM CVSS 4.3 EG 4.3 2025-01-25
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_r…
- CVE-2024-12129 HIGH CVSS 8.8 EG 8.8 2025-01-30
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9…