Filtered by CWE-862

Search

Switch to Advanced Search (Beta)
Total 5352 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-31866 2025-04-01 4.3 Medium
Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShipDepot for WooCommerce: from n/a through 1.2.19.
CVE-2025-31882 2025-04-01 4.3 Medium
Missing Authorization vulnerability in WPWebinarSystem WebinarPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a through 1.33.27.
CVE-2025-31826 2025-04-01 5.4 Medium
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.
CVE-2025-31802 2025-04-01 5.4 Medium
Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86.
CVE-2025-31843 2025-04-01 4.3 Medium
Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through 2.1.5.
CVE-2025-31810 2025-04-01 5.3 Medium
Missing Authorization vulnerability in PickPlugins Question Answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through 1.2.70.
CVE-2025-31886 2025-04-01 4.3 Medium
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social proof testimonials and reviews by Repuso: from n/a through 5.21.
CVE-2025-31820 2025-04-01 4.3 Medium
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.
CVE-2025-31872 2025-04-01 5.3 Medium
Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Clone any post type: from n/a through 3.4.
CVE-2025-31854 2025-04-01 4.3 Medium
Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5.
CVE-2025-31816 2025-04-01 5.4 Medium
Missing Authorization vulnerability in pietro Mobile App Canvas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile App Canvas: from n/a through 3.8.1.
CVE-2025-31846 2025-04-01 4.3 Medium
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7.
CVE-2025-31862 2025-04-01 5.3 Medium
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
CVE-2025-31865 2025-04-01 4.3 Medium
Missing Authorization vulnerability in CartBoss SMS Abandoned Cart Recovery ✦ CartBoss allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Abandoned Cart Recovery ✦ CartBoss: from n/a through 4.1.2.
CVE-2025-31879 2025-04-01 5.4 Medium
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.
CVE-2025-2589 1 Code-projects 1 Human Resource Management 2025-04-01 5.5 Medium
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.
CVE-2024-13737 1 Stylemixthemes 1 Motors - Car Dealer\, Classifieds \& Listing 2025-04-01 4.3 Medium
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts or create listing templates. This issue requires Elementor plugin to be installed, which is a required plugin for Motors Starter Theme.
CVE-2023-24459 1 Jenkins 1 Bearychat 2025-04-01 6.5 Medium
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2021-34648 1 Ninjaforms 1 Ninja Forms 2025-03-31 6.4 Medium
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.
CVE-2025-2224 2025-03-31 5.3 Medium
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible for unauthenticated attackers to update the post_status of any post to 'publish'.