Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,261 vulnerabilities with CWE-862

CVE-2025-68045 HIGH

WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability

CVE-2025-69332 MEDIUM

WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability

CVE-2025-68049 MEDIUM

WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability

CVE-2025-64215 MEDIUM

WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

CVE-2025-53346 MEDIUM

WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability

CVE-2025-53345 HIGH

WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability

CVE-2025-53302 MEDIUM

WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability

CVE-2025-52766 MEDIUM

WordPress Printeers Print & Ship plugin <= 1.17.0 - Broken Access Control vulnerability

CVE-2025-26418 HIGH

CarDevicePolicyService - Local Privilege Escalation via Missing Permission Check

CVE-2025-12714 MEDIUM

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

CVE-2025-14481 MEDIUM

Yoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' Parameter

CVE-2025-14361 HIGH

WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

CVE-2025-15369 MEDIUM

Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

CVE-2025-4202 MEDIUM

Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment

CVE-2025-14755 MEDIUM

Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

CVE-2025-15634 MEDIUM

HCL BigFix WebUI is affected by a missing authorization vulnerability

CVE-2025-66105 MEDIUM

WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control vulnerability

CVE-2025-11762 MEDIUM

HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure

CVE-2025-62104 MEDIUM

WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

CVE-2025-15565 MEDIUM

Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification

CVE-2025-9484 MEDIUM

Missing Authorization in GitLab

CVE-2025-14944 MEDIUM

Backup Migration <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage

CVE-2025-15445 MEDIUM

Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

CVE-2025-69358 HIGH

WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability

CVE-2025-14595 MEDIUM

Missing Authorization in GitLab

Previous Page 59 of 331 Next

Details

Vulnerabilities 8,261

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy