Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,211 vulnerabilities with CWE-862

CVE-2026-39505 MEDIUM

WordPress Seriously Simple Podcasting plugin <= 3.14.2 - Broken Access Control vulnerability

CVE-2026-39504 MEDIUM

WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability

CVE-2026-39501 MEDIUM

WordPress FOX plugin <= 1.4.5 - Broken Access Control vulnerability

CVE-2026-39488 MEDIUM

WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability

CVE-2026-39485 MEDIUM

WordPress Youtube Embed Plus plugin <= 14.2.4 - Broken Access Control vulnerability

CVE-2026-39477 MEDIUM

WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability

CVE-2026-39476 MEDIUM

WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability

CVE-2026-3480 MEDIUM

WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter

CVE-2026-3477 MEDIUM

PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter

CVE-2026-4299 MEDIUM

MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

CVE-2026-4003 CRITICAL

Users manager – PN <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action

CVE-2026-3646 MEDIUM

LTL Freight Quotes – R+L Carriers Edition <= 3.3.13 - Missing Authorization to Unauthenticated Settings Update

CVE-2026-2263 MEDIUM

Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

CVE-2026-4065 MEDIUM

Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation

CVE-2026-39401 MEDIUM

Privilege Escalation via update_event Job Output in Cronicle

CVE-2026-39397 CRITICAL

@delmaredigital/payload-puc is missing authorization on /api/puck/* CRUD endpoints allows unauthenticated access to Puck-registered collections

CVE-2026-39360 MEDIUM

RustFS <alpha.90 UploadPartCopy - Authorization Bypass

CVE-2026-39355 CRITICAL

Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)

CVE-2026-39351 CRITICAL

Frappe allows unrestricted Doctype access via API exploit

CVE-2026-39348 MEDIUM

OrangeHRM is Missing Authorization Checks in AbstractFileController Subclasses Expose Job Specification and Vacancy Attachments

CVE-2026-22680 MEDIUM

OpenViking < 0.3.3 Missing Authorization via Task Polling

CVE-2026-35606 HIGH

File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check

CVE-2026-22683 HIGH

Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE

CVE-2026-4292 LOW

Privilege abuse in ModelAdmin.list_editable

CVE-2026-4277 CRITICAL

Privilege abuse in GenericInlineModelAdmin

Previous Page 28 of 329 Next

Details

Vulnerabilities 8,211

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy