Vulnerabilities (CVE)

Filtered by CWE-862
Total 4980 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-53318 2025-06-30 N/A 5.4 MEDIUM
Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1.
CVE-2025-53255 2025-06-30 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1.
CVE-2025-53295 2025-06-30 N/A 5.3 MEDIUM
Missing Authorization vulnerability in iCount iCount Payment Gateway allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iCount Payment Gateway: from n/a through 2.0.6.
CVE-2025-53323 2025-06-30 N/A 4.3 MEDIUM
Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1.
CVE-2025-53288 2025-06-30 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PlatiOnline Payments: from n/a through 6.3.2.
CVE-2025-53304 2025-06-30 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form – 7 : Hide Success Message: from n/a through 1.1.4.
CVE-2025-52824 2025-06-30 N/A 8.8 HIGH
Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6.
CVE-2025-53284 2025-06-30 N/A 6.5 MEDIUM
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1.
CVE-2025-53293 2025-06-30 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.
CVE-2025-32281 2025-06-30 N/A 9.8 CRITICAL
Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0.
CVE-2021-28141 1 Progress 1 Telerik Ui For Asp.net Ajax 2025-06-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability. The request's output does not indicate that a "true" command was executed on the server, and the request's output does not leak any private source code or data from the server
CVE-2023-40670 1 Wpdeveloper 1 Reviewx 2025-06-27 N/A 4.3 MEDIUM
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
CVE-2024-3609 1 Wpdeveloper 1 Reviewx 2025-06-27 N/A 4.3 MEDIUM
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.
CVE-2025-6664 1 Codeastro 1 Patient Record Management System 2025-06-27 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-32254 1 Iqonic 1 Wpbookit 2025-06-27 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through 1.0.1.
CVE-2025-6476 1 Oretnom23 1 Gym Management System 2025-06-27 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6478 1 Codeastro 1 Expense Management System 2025-06-27 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely.
CVE-2024-50628 1 Digi 7 Connectport Lts 16, Connectport Lts 16 Mei, Connectport Lts 16 Mei 2ac and 4 more 2025-06-27 N/A 8.8 HIGH
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.
CVE-2025-27583 1 Serosoft 1 Academia Student Information System 2025-06-27 N/A 9.1 CRITICAL
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
CVE-2025-25953 1 Serosoft 1 Academia Student Information System 2025-06-27 N/A 6.5 MEDIUM
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.