Vulnerabilities (CVE)

Filtered by CWE-862
Total 5078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-49979 2025-06-23 N/A 4.3 MEDIUM
Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.1.
CVE-2025-50010 2025-06-23 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2.
CVE-2025-49969 2025-06-23 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2.
CVE-2025-49987 2025-06-23 N/A 5.3 MEDIUM
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13.
CVE-2025-49993 2025-06-23 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1.
CVE-2025-49991 2025-06-23 N/A 5.3 MEDIUM
Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14.
CVE-2025-49990 2025-06-23 N/A 5.3 MEDIUM
Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4.
CVE-2025-49997 2025-06-23 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17.
CVE-2025-50034 2025-06-23 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through 1.4.1.
CVE-2025-49980 2025-06-23 N/A 4.3 MEDIUM
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6.
CVE-2025-49981 2025-06-23 N/A 4.3 MEDIUM
Missing Authorization vulnerability in mahabub81 User Roles and Capabilities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Roles and Capabilities: from n/a through 1.2.6.
CVE-2025-49976 2025-06-23 N/A 4.3 MEDIUM
Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7.
CVE-2025-49989 2025-06-23 N/A 5.3 MEDIUM
Missing Authorization vulnerability in App Cheap App Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Builder: from n/a through 5.5.3.
CVE-2024-53591 1 Seclore 1 Seclore 2025-06-23 N/A 9.8 CRITICAL
An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
CVE-2024-0236 1 Myeventon 1 Eventon 2025-06-20 N/A 5.3 MEDIUM
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)
CVE-2024-0235 1 Myeventon 1 Eventon 2025-06-20 N/A 5.3 MEDIUM
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
CVE-2023-48339 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 N/A 4.4 MEDIUM
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
CVE-2023-6554 1 Tecnick 1 Tcexam 2025-06-20 N/A 6.5 MEDIUM
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
CVE-2023-5905 1 Demomentsomtres 1 Export Posts With Images 2025-06-20 N/A 8.1 HIGH
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.
CVE-2023-40362 1 Centralsquare 1 Click2gov Building Permit 2025-06-20 N/A 4.3 MEDIUM
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.