CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 5879 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66069	3 Themeisle, Woocommerce, Wordpress	3 Ppom For Woocommerce, Woocommerce, Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16.
CVE-2025-66112	1 Wordpress	1 Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4.
CVE-2025-66099	1 Wordpress	1 Wordpress	2025-11-24	5.3 Medium
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3.
CVE-2025-66075	2 Wordpress, Wp Legal Pages	2 Wordpress, Wp Cookie Notice	2025-11-24	4.2 Medium
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
CVE-2025-66089	3 Webtoffee, Woocommerce, Wordpress	3 Product Feed For Woocommerce, Woocommerce, Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.1.
CVE-2025-66060	2 Craig Hewitt, Wordpress	2 Seriously Simple Podcasting, Wordpress	2025-11-24	5.3 Medium
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66101	1 Wordpress	1 Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through <= 2.0.1.
CVE-2025-66108	1 Wordpress	1 Wordpress	2025-11-24	N/A
Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TNC Toolbox: Web Performance: from n/a through <= 2.0.4.
CVE-2025-66106	2 Essentialplugin, Wordpress	2 Featured Post Creative, Wordpress	2025-11-24	N/A
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through <= 1.5.5.
CVE-2025-66096	1 Wordpress	1 Wordpress	2025-11-24	N/A
Missing Authorization vulnerability in Imtiaz Rayhan Table Block by Tableberg tableberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by Tableberg: from n/a through <= 0.6.9.
CVE-2025-66109	3 Octolize, Woocommerce, Wordpress	3 Cart Weight For Woocommerce, Woocommerce, Wordpress	2025-11-24	N/A
Missing Authorization vulnerability in octolize Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cart Weight for WooCommerce: from n/a through <= 1.9.11.
CVE-2025-66110	2 Bplugins, Wordpress	2 Tiktok Feed Plugin, Wordpress	2025-11-24	N/A
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through <= 1.0.22.
CVE-2025-66107	2 Scott Paterson, Wordpress	2 Subscriptions & Memberships For Paypal, Wordpress	2025-11-24	N/A
Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7.
CVE-2025-66114	3 Theme Funda, Woocommerce, Wordpress	3 Show Variations As Single Products Woocommerce, Woocommerce, Wordpress	2025-11-24	N/A
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Show Variations as Single Products Woocommerce: from n/a through <= 2.0.
CVE-2025-13468	1 Oretnom23	1 Alumni Management System	2025-11-21	5.4 Medium
A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/admin_class.php of the component Delete Handler. Executing manipulation of the argument ID can lead to missing authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-64384	1 Wordpress	1 Wordpress	2025-11-21	6.3 Medium
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
CVE-2025-64690	1 Jetbrains	1 Youtrack	2025-11-21	5.4 Medium
In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes
CVE-2025-64684	1 Jetbrains	1 Youtrack	2025-11-21	4.5 Medium
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVE-2025-64687	1 Jetbrains	1 Youtrack	2025-11-21	5.4 Medium
In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic
CVE-2025-12778	3 Elementor, Userelements, Wordpress	3 Elementor, Ultimate Member Widgets For Elementor, Wordpress	2025-11-21	5.3 Medium
The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to extract partial metadata of all WordPress users, including their first name, last name and email addresses.

« first previous Page 4 of 294. next last »