CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 5241 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48998	1 Dataease	1 Dataease	2025-06-09	8.8 High
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
CVE-2025-5521	1 5kcrm	1 Wukongcrm	2025-06-09	4.3 Medium
A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5814			2025-06-09	5.3 Medium
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the "Profiler" page.
CVE-2025-39493	1 Valvepress	1 Rankie	2025-06-06	4.3 Medium
Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0.
CVE-2025-39482	1 Imithemes	1 Eventer	2025-06-06	4.3 Medium
Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.9.6.
CVE-2025-49270			2025-06-06	5.3 Medium
Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2.
CVE-2025-49287			2025-06-06	4.3 Medium
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8.
CVE-2025-49288			2025-06-06	4.3 Medium
Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5.
CVE-2025-49289			2025-06-06	5 Medium
Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.5.0.
CVE-2025-49293			2025-06-06	4.3 Medium
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.
CVE-2025-49320			2025-06-06	5.3 Medium
Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11.
CVE-2025-49324			2025-06-06	5.3 Medium
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
CVE-2025-26773	1 Analytify	1 Analytify - Google Analytics Dashboard	2025-06-06	4.3 Medium
Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.0.
CVE-2025-31000			2025-06-06	5.3 Medium
Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.
CVE-2025-28985			2025-06-06	5.4 Medium
Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2.
CVE-2025-24778			2025-06-06	5.4 Medium
Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3.
CVE-2025-24776			2025-06-06	5.4 Medium
Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
CVE-2025-24762			2025-06-06	5.4 Medium
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.
CVE-2025-1778			2025-06-06	4.3 Medium
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option.
CVE-2025-1777			2025-06-06	6.4 Medium
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

« first previous Page 42 of 263. next last »