Vulnerabilities (CVE)

Filtered by CWE-862
Total 4942 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-31923 2025-05-19 N/A 5.4 MEDIUM
Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.
CVE-2025-32295 2025-05-19 N/A 4.3 MEDIUM
Missing Authorization vulnerability in wordpresschef Salon Booking Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon Booking Pro: from n/a through 10.10.2.
CVE-2025-48079 2025-05-19 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from n/a through 5.9.5.1.
CVE-2025-47560 2025-05-19 N/A 5.0 MEDIUM
Missing Authorization vulnerability in RomanCode MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a through 8.5.32.
CVE-2025-31630 2025-05-19 N/A 5.3 MEDIUM
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
CVE-2025-32296 2025-05-19 N/A 5.3 MEDIUM
Missing Authorization vulnerability in quantumcloud Simple Link Directory Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Link Directory Pro: from n/a through 14.7.3.
CVE-2025-39511 2025-05-19 N/A 4.3 MEDIUM
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2.
CVE-2025-47556 2025-05-19 N/A 5.4 MEDIUM
Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.5.
CVE-2025-31066 2025-05-19 N/A 5.3 MEDIUM
Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.
CVE-2025-47563 2025-05-19 N/A 5.3 MEDIUM
Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7.
CVE-2025-4477 2025-05-19 N/A 7.2 HIGH
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API.
CVE-2025-48127 2025-05-19 N/A 6.5 MEDIUM
Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3.
CVE-2025-48117 2025-05-19 N/A 5.3 MEDIUM
Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.
CVE-2025-48116 2025-05-19 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4.
CVE-2025-48128 2025-05-19 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.
CVE-2025-3952 1 Projectopia 1 Projectopia 2025-05-19 N/A 8.1 HIGH
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.
CVE-2024-10008 1 Masteriyo 1 Masteriyo 2025-05-17 N/A 8.8 HIGH
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students.
CVE-2024-36036 1 Zohocorp 1 Manageengine Adaudit Plus 2025-05-16 N/A 4.2 MEDIUM
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
CVE-2025-39413 1 Wpgoplugins 1 Simple Sitemap 2025-05-16 N/A 4.3 MEDIUM
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14.
CVE-2025-4520 2025-05-16 N/A 5.4 MEDIUM
The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.