Filtered by CWE-862
Total 5240 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-47709 1 Miniorange 1 Miniorange 2fa 2025-06-10 6.5 Medium
Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVE-2025-5732 1 Carmelogarcia 1 Traffic Offense Reporting System 2025-06-10 4.3 Medium
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-2415 1 Vcita 1 Online Booking \& Scheduling Calendar 2025-06-10 5.4 Medium
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.
CVE-2023-2299 1 Vcita 1 Online Booking \& Scheduling Calendar 2025-06-10 5.3 Medium
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.
CVE-2024-32948 1 Reputeinfosystems 1 Armember 2025-06-09 9.1 Critical
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.
CVE-2024-32776 1 Apppresser 1 Apppresser 2025-06-09 6.5 Medium
Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
CVE-2024-34372 1 Addonmaster 1 Post Grid Master 2025-06-09 5.3 Medium
Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7.
CVE-2023-48740 1 Easysocialfeed 1 Easy Social Feed 2025-06-09 4.3 Medium
Missing Authorization vulnerability in Easy Social Feed Easy Social Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through 6.5.1.
CVE-2023-47841 1 Analytify 1 Analytify - Google Analytics Dashboard 2025-06-09 4.3 Medium
Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.
CVE-2023-47832 1 Searchiq 1 Searchiq 2025-06-09 5.3 Medium
Missing Authorization vulnerability in searchiq SearchIQ allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SearchIQ: from n/a through 4.4.
CVE-2023-47770 1 Muffingroup 1 Betheme 2025-06-09 7.6 High
Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1.
CVE-2023-41953 2 Profilepress, Properfraction 2 Profilepress, Profilepress 2025-06-09 5.3 Medium
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1.
CVE-2023-50882 2 Profilepress, Properfraction 2 Profilepress, Profilepress 2025-06-09 5.3 Medium
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2.
CVE-2023-49835 1 Metaphorcreations 1 Post Duplicator 2025-06-09 4.3 Medium
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31.
CVE-2023-48774 1 Northernbeacheswebsites 1 Ideapush 2025-06-09 5.4 Medium
Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a.
CVE-2025-30897 1 Analytify 1 Analytify - Google Analytics Dashboard 2025-06-09 4.3 Medium
Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.
CVE-2025-24736 1 Metaphorcreations 1 Post Duplicator 2025-06-09 4.3 Medium
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.
CVE-2025-5894 2025-06-09 8.8 High
Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.
CVE-2025-45854 1 Jehc 1 Jehc-bpm 2025-06-09 10 Critical
/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
CVE-2025-48998 1 Dataease 1 Dataease 2025-06-09 8.8 High
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.