CWE-862— Missing Authorization

Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through <= 7.5.1.

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 2.6.2.

Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GEO my WordPress: from n/a through <= 4.5.0.4.

Missing Authorization vulnerability in beat.k Termin-Kalender termin-kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through <= 0.99.47.

Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through <= 1.0.0.

Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through <= 1.0.2.

Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through <= 1.2.2.

Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5.

Missing Authorization vulnerability in Dotstore Advance Menu Manager advance-menu-manager.This issue affects Advance Menu Manager: from n/a through <= 3.1.1.

Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from…

Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6.

Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through <= 2.0.1.

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a different user without prompting for the pa…

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contacts from the lock screen.

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_so…

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in a…

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication.

The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to,…

CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1…

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it…

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.

An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied.

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and…

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8…

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the …

XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page.…

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.2.9.1.

Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers woocommerce-basic-ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from…

Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.

Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through <= 2.0.5.

Missing Authorization vulnerability in Torod Company for Information Technology Torod torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through <= 1.7.

Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Med…

Missing Authorization vulnerability in webchunky Order Delivery & Pickup Location Date Time order-delivery-pickup-location-date-time-free-version allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Or…

Missing Authorization vulnerability in Eric Sloan Popup Surveys & Polls for WordPress (Mare.io) popup-surveys allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (M…

Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator xml-multilanguage-sitemap-generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through <= 2.0.6.

The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all …

Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through <= 1.1.1.

Missing Authorization vulnerability in mightyforms Contact Form, Survey & Form Builder – MightyForms mightyforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form, Survey & Form Build…

Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1.

Missing Authorization vulnerability in awfowler Easy Site Importer easy-site-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through <= 1.0.1.

Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1.

Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through <= 2.6.1.

Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through <= 1.0.4.

Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through <= 1.0.4.

Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product smart-shopify-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Shopify Product: from n/a through <= 1…

Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.