Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,131 vulnerabilities with CWE-862

CVE-2026-39594 MEDIUM

WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability

CVE-2026-39584 MEDIUM

WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability

CVE-2026-39534 HIGH

WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability

CVE-2026-39533 HIGH

WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability

CVE-2026-39525 MEDIUM

WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability

CVE-2026-39524 HIGH

WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

CVE-2026-39515 MEDIUM

WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

CVE-2026-39513 HIGH

WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability

CVE-2026-39503 HIGH

WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability

CVE-2026-34898 HIGH

WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability

CVE-2026-34892 MEDIUM

WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

CVE-2026-34886 HIGH

WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

CVE-2026-25440 MEDIUM

WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability

CVE-2026-25425 HIGH

WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

CVE-2026-5230 HIGH

Improper Access Control in Mia Technologies' Pizzy Library

CVE-2026-48969 MEDIUM

WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

CVE-2026-34024 HIGH

Wertheim SafeController 6.15.8328.28014 - Authenticated Missing Authorization

CVE-2026-53821 HIGH

OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

CVE-2026-53820 MEDIUM

OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn

CVE-2026-48119 HIGH

Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services

CVE-2026-47120 HIGH

Nezha Monitoring - AlertRule Cron Task Ownership Bypass

CVE-2026-46716 CRITICAL

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

CVE-2026-45085 MEDIUM

Discourse: Chat misauthorization and information disclosure

CVE-2026-42851 HIGH

@kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

CVE-2026-50244 MEDIUM

Naxclow IoT Platform Missing Authorization

Previous Page 2 of 326 Next

Details

Vulnerabilities 8,131

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy