Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,211 vulnerabilities with CWE-862

CVE-2026-24364 MEDIUM

WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

CVE-2026-24363 HIGH

WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerability

CVE-2026-24362 MEDIUM

WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

CVE-2026-23977 HIGH

WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability

CVE-2026-23972 MEDIUM

WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

CVE-2026-23806 HIGH

WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

CVE-2026-22485 MEDIUM

WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability

CVE-2026-33353 MEDIUM

Soft Serve: Authenticated repo import can clone server-local private repositories

CVE-2026-33768 MEDIUM

Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

CVE-2026-33162 MEDIUM

Craft CMS 5.3.0-5.9.13 - Entry Section Move Authorization Bypass

CVE-2026-33161 MEDIUM

Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users

CVE-2026-33160 MEDIUM

Craft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URL

CVE-2026-33159 MEDIUM

Craft CMS 4.x and 5.x - Unauthenticated Config Sync Operations

CVE-2026-33316 HIGH

Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement

CVE-2026-33484 HIGH

Langflow has Unauthenticated IDOR on Image Downloads

CVE-2026-4283 CRITICAL

WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users

CVE-2026-3138 MEDIUM

Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE

CVE-2026-33290 MEDIUM

WPGraphQL < 2.10.0 - Comment Moderation Authorization Bypass

CVE-2026-4056 MEDIUM

WordPress User Registration & Membership 5.0.1-5.1.4 - Auth Bypass

CVE-2026-4066 MEDIUM

Smart Custom Fields WordPress Plugin <=5.0.6 - Info Disclosure

CVE-2026-3225 MEDIUM

LearnPress WordPress Plugin <=4.3.2.8 - Auth Bypass

CVE-2026-33685 MEDIUM

AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data

CVE-2026-33501 MEDIUM

AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin

CVE-2026-4590 LOW

kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery

CVE-2026-4261 HIGH

Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields

Previous Page 33 of 329 Next

Details

Vulnerabilities 8,211

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy