Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-862
Total 4935 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-31862 2025-04-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
CVE-2025-31866 2025-04-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShipDepot for WooCommerce: from n/a through 1.2.19.
CVE-2025-31810 2025-04-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in PickPlugins Question Answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through 1.2.70.
CVE-2025-31820 2025-04-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.
CVE-2025-31878 2025-04-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.
CVE-2025-31872 2025-04-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Clone any post type: from n/a through 3.4.
CVE-2025-31881 2025-04-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9.
CVE-2025-31799 2025-04-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8.
CVE-2025-31831 2025-04-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6.
CVE-2025-31826 2025-04-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.
CVE-2025-31870 2025-04-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.
CVE-2025-31868 2025-04-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2025-31830 2025-04-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Uriahs Victor Printus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printus: from n/a through 1.2.6.
CVE-2025-31856 2025-04-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in brainvireinfo Export All Post Meta allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export All Post Meta: from n/a through 1.2.1.
CVE-2025-31848 2025-04-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n/a through 1.4.
CVE-2025-31846 2025-04-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7.
CVE-2025-2589 1 Code-projects 1 Human Resource Management 2025-04-01 5.2 MEDIUM 5.5 MEDIUM
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.
CVE-2023-24459 1 Jenkins 1 Bearychat 2025-04-01 N/A 6.5 MEDIUM
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2024-28155 1 Jenkins 1 Appspider 2025-03-29 N/A 4.3 MEDIUM
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
CVE-2023-52352 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-28 N/A 5.5 MEDIUM
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed